You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Aaron Axelsen <ax...@amadmax.com> on 2002/11/18 03:05:01 UTC

[users@httpd] Cannot create temp file

I have php script that I want to be able to add users to a htpasswd file
.. However when its called from the php script I get the following
error:
/usr/local/apache/bin/htpasswd: unable to create temporary file
htpasswd.tmp.oELAa4

I am calling the htpasswd command like this:
system("/usr/local/apache/bin/htpasswd -bm /path/to/.htpasswd $user
$password");

Where is it trying to create this temp file?


---
Aaron Axelsen
AIM: AAAK2
Email: axelseaa@amadmax.com
URL: www.amadmax.com
 
"It said, ""Insert disk #3,"" but only two will fit!"
"One picture is worth 128K words."



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Cannot create temp file

Posted by Joshua Slive <jo...@slive.ca>.

On Sun, 17 Nov 2002, Aaron Axelsen wrote:

> I have php script that I want to be able to add users to a htpasswd file
> .. However when its called from the php script I get the following
> error:
> /usr/local/apache/bin/htpasswd: unable to create temporary file
> htpasswd.tmp.oELAa4
>
> I am calling the htpasswd command like this:
> system("/usr/local/apache/bin/htpasswd -bm /path/to/.htpasswd $user
> $password");

Ooooh.  Look.  Really bad idea.

I'm very much hoping that you are strictly sanitizing $user and $password
before passing them to system.  Otherwise, this is a guarenteed security
breech.

htpasswd is designed to be run from the command line, not from the web.
You would, perhaps, be better off taking a look at its source code and
trying to adapt it to something a little more suited to direct web use.

I don't specifically remember what the temp file is for, but I'd guess
that it is writing the new password database to the temp file to assure
that it doesn't mangle the old one before replacing it.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org