You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by prema shatwappa desai <pr...@rediffmail.com> on 2002/09/21 09:24:12 UTC
[users@httpd] problem in creating user from script
i want to create a system user whose name will be given
from
user input in php from browser.
In httpd.conf user & group is apache & the
folder which contains all the php file has file group & file
owener apache .
If i login as apache user in linux & give command in linux
as
sudo /usr/sbin/useradd username then
it create the user .
but not creating from script which i am accessing
through
apache .
In /etc/sudoers i have written
apache ALL(ALL) ALL
Also i am not able to access the root level files &
modifying it
eg /etc/...
but if i execute that script from command prompt then that
script do things so what to do
so what changes should be done to create system user from
browser
using apache?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] problem in creating user from script
Posted by "i.t" <i....@ithum.de>.
> but if i execute that script from command prompt then that
> script do things so what to do
>
did you try the
system() function or the backticks?
i.t
--
. ___
| | Irmund Thum
| |
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] problem in creating user from script
Posted by "Dave [Hawk-Systems]" <da...@hawk-systems.com>.
> i want to create a system user whose name will be given
> from
> user input in php from browser.
> In httpd.conf user & group is apache & the
> folder which contains all the php file has file group & file
> owener apache .
> If i login as apache user in linux & give command in linux
>as
> sudo /usr/sbin/useradd username then
> it create the user .
> but not creating from script which i am accessing
>through
> apache .
>
> In /etc/sudoers i have written
> apache ALL(ALL) ALL
is this a public machine? this sounds like a bad idea.
>
> Also i am not able to access the root level files &
>modifying it
> eg /etc/...
> but if i execute that script from command prompt then that
>script do things so what to do
>
not from the Linux community, but your apache runs everything as apache(or
whatever), and should not be able to elevate its permission to root and write to
root only restricted files. This is a good thing.
>
>
> so what changes should be done to create system user from
>browser
> using apache?
given the situation you mentioned... here is a solution we implemented. Not
perfect, but good enough.
- request to create a user checked against flat file or db for existing user.
- request then checked against valid heuristics, no command line code,
restricted words, characters, etc...
- password checked for validity as well, perhaps matching both fields in input
form, whatever
- once all checkes are validated, write the pending user to file outside web
directory.
- cron parses for files, file length, (take your pick) in the directory, and
then runs the adduser command for each, checking itself for malicious code,
characters etc before creating the user.
- copies success into flat file or db of existing users
- adds user to ftpchroot, and other restrictive files. (freebsd example)
this eliminates the need for any web based module to elevate its permissions or
sudo... not pretty, but relatively safe.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org