adding unix users through web interface.
Hi people, I am trying to write some php3 code to add dialup users to the unix passwd file, I am issuing the system command to run useradd , this didn't work because you need root permissions to running the command, so I thought, hmm i'll just build a wrapper and run it suid root (probable very bad, but anyway..) Now the wrapper get's the error cannot get file lock on /etc/passwd. Any tips on why this might be happening or a better way to solve to problem would be much appreciated. John Lynch System Administrator (string and tape specialist) Wise Net --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
I do this on a couple of servers. Don't use PHP, use an external scripting language via suEXEC CGI so that scripts run with different UID permission to the main http server - run a seperate http process on a different port if you have to. Then setup sudo so that the UID the script runs as can only run useradd (or whatever) - I use a /etc/sudoers config like this: usercode hostname = NOPASSWD: /usr/local/admin/restart_qmail.sh, \ /usr/local/admin/restart_apache.sh, \ /usr/local/admin/restart_bind.sh, \ /usr/local/admin/chpass.pl, \ /usr/local/admin/makeuser.sh Then, even if you do bugger up the scripts, and somebody gets control of them, worse they'll be able to do as root whatever you've given them access to. Cheers Si On Wed, Oct 03, 2001 at 01:05:11PM +1200, John Lynch said:
Hi people, I am trying to write some php3 code to add dialup users to the unix passwd file, I am issuing the system command to run useradd , this didn't work because you need root permissions to running the command, so I thought, hmm i'll just build a wrapper and run it suid root (probable very bad, but anyway..) Now the wrapper get's the error cannot get file lock on /etc/passwd. Any tips on why this might be happening or a better way to solve to problem would be much appreciated.
John Lynch System Administrator (string and tape specialist) Wise Net
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
If you have a look around there could be some software already available for things like this. I remeber someone showing me one. Quick search on google came up with this one : http://www.webmin.com/webmin/ So there must be others around There are script repositories like http://www.hotscripts.com/PHP/Scripts_and_Programs/ that could also be a good starting point. good luck Lin --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
John, I have a lovely script available. Contact me privately if you like. Infact my script also allows people to add Virtual Hosts :) Regards, Sahil Gupta NET4U Limited ------------------------------------ NET4U -- www.net4u.co.nz Home of the new - $24.95 128k ADSL Nationwide Internet Service Provider ------------------------------------ On Wed, 3 Oct 2001, John Lynch wrote:
Hi people, I am trying to write some php3 code to add dialup users to the unix passwd file, I am issuing the system command to run useradd , this didn't work because you need root permissions to running the command, so I thought, hmm i'll just build a wrapper and run it suid root (probable very bad, but anyway..) Now the wrapper get's the error cannot get file lock on /etc/passwd. Any tips on why this might be happening or a better way to solve to problem would be much appreciated.
John Lynch System Administrator (string and tape specialist) Wise Net
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (4)
-
John Lynch -
Lin Nah -
Sahil Gupta -
Simon Blake