Stop Microsoft
Operating Systems => Linux and UNIX => Topic started by: Stryker on 3 November 2002, 05:16
-
I am wanting to make a script (which is password protected of course) that will use the useradd command. Of course I need to be root to do this, but it's just stupid to run a webserver as root. Anyone know of a smart way i could go about doing this?
-
Not sure what you are getting at. Do you mean you want to write a CGI program so you can add a user through a web based interface? If so check out http://www.webmin.com/ (http://www.webmin.com/) and even though you start the web server (Apache) as root it spawn supprocesses that are run under the user "apache" with very limited capability. So you *really* aren't running the web server as root. If someone were to exploit a hole they would only get the limited privelages of the "apache" user.
-
quote:
Originally posted by void main:
Not sure what you are getting at. Do you mean you want to write a CGI program so you can add a user through a web based interface? If so check out http://www.webmin.com/ (http://www.webmin.com/) and even though you start the web server (Apache) as root it spawn supprocesses that are run under the user "apache" with very limited capability. So you *really* aren't running the web server as root. If someone were to exploit a hole they would only get the limited privelages of the "apache" user.
I have webmin... that's not what i'm looking for though. i want to make my own script that will execute useradd as root. i hear suexec may work but i dont know anything about it
-
quote:
Originally posted by Stryker:
I have webmin... that's not what i'm looking for though. i want to make my own script that will execute useradd as root. i hear suexec may work but i dont know anything about it
I haven't used suexec and I don't believe you can do root privelaged things, only privelages of other users. However, I have done similar things using a "system()" call in PHP to "sudo".
[ November 02, 2002: Message edited by: void main ]
-
quote:
Originally posted by void main:
suexec is exactly what you would want to use under Apache. I believe it is much like "sudo" as far as how it works and it's configuration. I assume you'll want to use htpaccess/htpasswd to password protect the page, if so you might want to do the authentication over https. However, I have done similar things using a "system()" call in PHP to "sudo".
[ November 02, 2002: Message edited by: void main ]
I have htpasswd and a .htaccess to protect the page. But I have no idea how to use sudo or suexec... have any good links?
-
Can it be in PHP or Perl? Which do you prefer? I can whip up an example in either and give you an example of the /etc/sudoers file that will allow this.
-
quote:
Originally posted by void main:
Can it be in PHP or Perl? Which do you prefer? I can whip up an example in either and give you an example of the /etc/sudoers file that will allow this.
Actually this page is running through a bash script... but if anything else it'd be perl
-
Well I could do it in bash as well. No biggy.
-
well then bash it is. I got apache to execute useradd... put i'm working on the encrypted password for the -p parameter now...
-
quote:
Originally posted by Stryker:
well then bash it is. I got apache to execute useradd... put i'm working on the encrypted password for the -p parameter now...
Did you do it with suexec?
-
quote:
Originally posted by void main:
Did you do it with suexec?
nope, it's sudo... i looked at the /etc/sudoers and it explained what i needed.
You have any idea how i can go about encypting the password so that it will work with useradd -p?
-
Why not just add the user with "adduser" and set the password with "passwd"? Something like:
echo "$password" | sudo /usr/bin/passwd --stdin $username
[ November 02, 2002: Message edited by: void main ]
-
quote:
Originally posted by Ex Eleven / b0b 2.1:
Id make a PHP script if i was doing that!
i'm on a perl page now and am having problems... this is what i have.
system("echo","$form{'pass'}","|","sudo","passwd","--stdin","$form{'user'}");
nevermind... i got it now... sorry
[ November 02, 2002: Message edited by: Stryker ]
-
quote:
Originally posted by Stryker:
system("echo","$form{'pass'}","|","sudo","passwd","--stdin","$form{'user'}");
You should just be able to do:
system("echo \"$form{'pass'}\" | sudo passwd --stdin $form{'user'}");
[ November 02, 2002: Message edited by: void main ]
-
quote:
Originally posted by void main:
You should just be able to do:
system("echo \"$form{'pass'}\" | sudo passwd --stdin $form{'user'}");
[ November 02, 2002: Message edited by: void main ]
yeah... i figured that out right after posting.
In the past i've had commands not work that way though, so i didn't think of trying. well, thanks for the help.
-
repaired