[PHP] Root Commands

[Patrick Armour]

I am trying to use a form (password protected of course) that will allow an 
administrator to add POP accounts to a linux box.  The problem that I seem to have is 
that the form is trying to give the commands as user 'nobody' and they need to be 
given by either root or a superuser.

Is there any way to accomplish this?  If somebody were to point me in the direction of 
a tutorial on this subject I would really appreciate it.

Sincerely,
Patrick Armour
www.greatplainsinternet.com

Re: [PHP] Root Commands

[Patrick Armour]

Great idea.  However, that opens up a whole other can of worms that I'm not
really prepared to dive into yet.

I searched php.net for the setuid function, but didn't find anything.  Is
this a php function?  Do you know where any documentation on it is?

Thanks again
Patrick

- Original Message -
From: "Jason Sheets" <[EMAIL PROTECTED]>
To: "Patrick Armour" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 19, 2003 6:27 PM
Subject: Re: [PHP] Root Commands


> Most ways require a program
> a with root access to execute (setuid root) this is very insecure.
>
> I would look at enabling your email program to get the account
> information from a database like mysql or postgres, that way you need
> just insert a record into the database.
>
> Jason
> On Wed, 2003-02-19 at 16:37, Patrick Armour wrote:
> > I am trying to use a form (password protected of course) that will allow
an administrator to add POP accounts to a linux box.  The problem that I
seem to have is that the form is trying to give the commands as user
'nobody' and they need to be given by either root or a superuser.
> >
> > Is there any way to accomplish this?  If somebody were to point me in
the direction of a tutorial on this subject I would really appreciate it.
> >
> > Sincerely,
> > Patrick Armour
> > www.greatplainsinternet.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Root Commands

[Patrick Armour]

I understand the implications this could cause and appreciate your concerns.
This is on a test machine on a secure network that I've set up just to get
me through the learning process.  Eventually this form will be in a secure
area of the site that only staff have access to.

The script will add a username and password to the system using
$command=("sudo adduser -p $password $username);
system($command . "&> error.txt ");

The problem I am having, is that the password is written to the shadow
passwords file using plain text.  (this also happens when I issue the same
command from the command line)  What I need is to be able to issue the
'password' command and pass the variables to it.  The first part is fairly
easy:  $addpass="sudo passwd $username";  Where I'm running into problems
now is, the password command prompts twice for the correct password.  When I
try to send $password to the shell, the shell thinks they are seperate
commands. Any suggestions to get around this?

Thanks for your help.

Patrick
- Original Message -
From: "Jason Sheets" <[EMAIL PROTECTED]>
To: "Adam Voigt" <[EMAIL PROTECTED]>
Cc: "Patrick Armour" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 20, 2003 8:30 AM
Subject: Re: [PHP] Root Commands


> I would highly recommend against doing this, this would work but it
> would open you up to allowing your webserver user/php to add any user to
> your system.  This is beyond a bad idea.
>
> Jason.
> On Thu, 2003-02-20 at 06:46, Adam Voigt wrote:
> > Check out "sudo", with man pages or what not, you use
> > the command "visudo" to define who can run what commands
> > as root. And then in your php, you just do:
> >
> > exec("sudo adduser");
> >
> > With whatever parameters you need to adduser.
> >
> > On Wed, 2003-02-19 at 18:37, Patrick Armour wrote:
> >
> > I am trying to use a form (password protected of course) that will
> > allow an administrator to add POP accounts to a linux box.  The
> > problem that I seem to have is that the form is trying to give the
> > commands as user 'nobody' and they need to be given by either root
> > or a superuser.
> >
> > Is there any way to accomplish this?  If somebody were to point me
> > in the direction of a tutorial on this subject I would really
> > appreciate it.
> >
> > Sincerely,
> > Patrick Armour
> >
> > www.greatplainsinternet.com
> > --
> > Adam Voigt ([EMAIL PROTECTED])
> > The Cryptocomm Group
> > My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php