Search code examples
node.jsubuntunpmuser-management

How to create a ubuntu user from within node

I'm trying to add users to the server running my node application. Right now I am using: 

exec("useradd -mp {password-hash}")

with a hash that gets created by 

exec("mkpasswd -m des {password}")

This leaves the password visible in the process list, and that should be avoided at all costs.

That's why I am wondering if there is a module on npm or an easier way to add a linux user to the system programmatically (this is necessary because the app I am building creates a user account on the system when a user registers on the web). Can this be done without evoking system commands like I am currently doing? I have found neither npm module nor any information of using node to interact with ubuntu/unix user management.

Solution

Using Mustafa's hints from the top answer, I implemented a version of the mkpasswd command using spawn. In CoffeeScript, it would look like this: 

{spawn} = require 'child_process'

child = spawn 'mkpasswd', ['-m','des','--stdin']

child.stdout.on 'data', (data)->
  console.log 'password hash arrived: ', data.toString()

child.stdin.write 'password'

Make sure you add the proper error handling event handlers to child.stderr and child.stdout while debugging your code.

Solution

  • You either use those commands or manually add your user to /etc/passwd and its password to /etc/shadow.

    Format of a /etc/passwd entry: username:passwd:UID:GID:full_name:directory:shell

    Passwd should be x if you want it o make it secure, so it will read from shadow.

    Format of a /etc/shadow entry: username:passwd:last:may:must:warn:expire:disable:reserved

    If you add them correctly, there will be no problem.

    But why would you bother with it manually while you have the required tool? If you are concerned about the privacy, you can issue mkpasswd -m des --stdin which will read the password from standart input. Instead of exec, when you use spawn, you can also control the stdin and stdout of the processes. stdin is just a writable stream, you can write to it and read the output from stdout. Or you can find a npm module that generates the hash with given algorithms, DES, AES etc.