I understand the implications this could cause and appreciate your concerns.
This is on a test machine on a secure network that I've set up just to get
me through the learning process. Eventually this form will be in a secure
area of the site that only staff have access to.
The script will add a username and password to the system using
$command=("sudo adduser -p $password $username);
system($command . "&> error.txt ");
The problem I am having, is that the password is written to the shadow
passwords file using plain text. (this also happens when I issue the same
command from the command line) What I need is to be able to issue the
'password' command and pass the variables to it. The first part is fairly
easy: $addpass="sudo passwd $username"; Where I'm running into problems
now is, the password command prompts twice for the correct password. When I
try to send $password to the shell, the shell thinks they are seperate
commands. Any suggestions to get around this?
Thanks for your help.
Patrick
----- Original Message -----
From: "Jason Sheets" <[EMAIL PROTECTED]>
To: "Adam Voigt" <[EMAIL PROTECTED]>
Cc: "Patrick Armour" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 20, 2003 8:30 AM
Subject: Re: [PHP] Root Commands
> I would highly recommend against doing this, this would work but it
> would open you up to allowing your webserver user/php to add any user to
> your system. This is beyond a bad idea.
>
> Jason.
> On Thu, 2003-02-20 at 06:46, Adam Voigt wrote:
> > Check out "sudo", with man pages or what not, you use
> > the command "visudo" to define who can run what commands
> > as root. And then in your php, you just do:
> >
> > exec("sudo adduser");
> >
> > With whatever parameters you need to adduser.
> >
> > On Wed, 2003-02-19 at 18:37, Patrick Armour wrote:
> >
> > I am trying to use a form (password protected of course) that will
> > allow an administrator to add POP accounts to a linux box. The
> > problem that I seem to have is that the form is trying to give the
> > commands as user 'nobody' and they need to be given by either root
> > or a superuser.
> >
> > Is there any way to accomplish this? If somebody were to point me
> > in the direction of a tutorial on this subject I would really
> > appreciate it.
> >
> > Sincerely,
> > Patrick Armour
> >
> > www.greatplainsinternet.com
> > --
> > Adam Voigt ([EMAIL PROTECTED])
> > The Cryptocomm Group
> > My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
