[users@httpd] problem in creating user from script

[prema shatwappa desai <pr...@rediffmail.com>]

  	  i want to create a system user whose name will be given 
 from
    user input in php from browser.
   	In httpd.conf user & group is apache & the
    folder which contains all the php file has file group & file
    owener apache .
    	If i login as apache user in linux  & give command  in linux 
as
 		sudo /usr/sbin/useradd username then
         it create the user .
            but not creating from script which i am accessing 
through
    apache .

 	In /etc/sudoers i have written
                  apache ALL(ALL) ALL


       Also i am not able to access the root level files & 
modifying it
  eg /etc/...
     but if i execute that script from command prompt then that 
script  do things so what to do




         so what changes should be done to create system user from 
browser
         using apache?






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] problem in creating user from script

["i.t" <i....@ithum.de>]

>      but if i execute that script from command prompt then that
> script  do things so what to do
>
did you try the 
system() function or the backticks?
i.t
-- 
 . ___
 |  |  Irmund     Thum
 |  |   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] problem in creating user from script

["Dave [Hawk-Systems]" <da...@hawk-systems.com>]

>  	  i want to create a system user whose name will be given
> from
>    user input in php from browser.
>   	In httpd.conf user & group is apache & the
>    folder which contains all the php file has file group & file
>    owener apache .
>    	If i login as apache user in linux  & give command  in linux
>as
> 		sudo /usr/sbin/useradd username then
>         it create the user .
>            but not creating from script which i am accessing
>through
>    apache .
>
> 	In /etc/sudoers i have written
>                  apache ALL(ALL) ALL

is this a public machine?  this sounds like a bad idea.

>
>       Also i am not able to access the root level files &
>modifying it
>  eg /etc/...
>     but if i execute that script from command prompt then that
>script  do things so what to do
>

not from the Linux community, but your apache runs everything as apache(or
whatever), and should not be able to elevate its permission to root and write to
root only restricted files.  This is a good thing.

>
>
>         so what changes should be done to create system user from
>browser
>         using apache?


given the situation you mentioned...  here is a solution we implemented.  Not
perfect, but good enough.

- request to create a user checked against flat file or db for existing user.
- request then checked against valid heuristics, no command line code,
restricted words, characters, etc...
- password checked for validity as well, perhaps matching both fields in input
form, whatever
- once all checkes are validated, write the pending user to file outside web
directory.
- cron parses for files, file length, (take your pick) in the directory, and
then runs the adduser command for each, checking itself for malicious code,
characters etc before creating the user.
- copies success into flat file or db of existing users
- adds user to ftpchroot, and other restrictive files. (freebsd example)

this eliminates the need for any web based module to elevate its permissions or
sudo...  not pretty, but relatively safe.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org