Re: [PHP] Root Commands

2003-02-21 Thread Patrick Armour
IL PROTECTED]> Cc: "Patrick Armour" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, February 20, 2003 8:30 AM Subject: Re: [PHP] Root Commands > I would highly recommend against doing this, this would work but it > would open you up to allowing your webserver

Re: [PHP] Root Commands

2003-02-20 Thread Adam Voigt
Yeah, it's a bad idea, but he wants to be able to add email accounts to the system, and not have to use a database for his mail users. So there you go. On Thu, 2003-02-20 at 09:30, Jason Sheets wrote: I would highly recommend against doing this, this would work but it woul

Re: [PHP] Root Commands

2003-02-20 Thread Jason Sheets
I would highly recommend against doing this, this would work but it would open you up to allowing your webserver user/php to add any user to your system. This is beyond a bad idea. Jason. On Thu, 2003-02-20 at 06:46, Adam Voigt wrote: > Check out "sudo", with man pages or what not, you use > the

Re: [PHP] Root Commands

2003-02-20 Thread Adam Voigt
Check out "sudo", with man pages or what not, you use the command "visudo" to define who can run what commands as root. And then in your php, you just do: exec("sudo adduser"); With whatever parameters you need to adduser. On Wed, 2003-02-19 at 18:37, Patrick Armour wrote: I

RE: [PHP] Root Commands

2003-02-19 Thread CodersNightMare
ursday, 20 February 2003 11:36 AM To: Jason Sheets Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Root Commands Great idea. However, that opens up a whole other can of worms that I'm not really prepared to dive into yet. I searched php.net for the setuid function, but didn't find anything. Is

RE: [PHP] Root Commands

2003-02-19 Thread Luke Woollard
setuid is a UNIX command. try 'man setuid' on a *nix box.. LW -Original Message- From: Patrick Armour [mailto:[EMAIL PROTECTED]] Sent: Thursday, 20 February 2003 11:36 AM To: Jason Sheets Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Root Commands Great idea. However, that

Re: [PHP] Root Commands

2003-02-19 Thread Patrick Armour
al Message - From: "Jason Sheets" <[EMAIL PROTECTED]> To: "Patrick Armour" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, February 19, 2003 6:27 PM Subject: Re: [PHP] Root Commands > Most ways require a program > a with root access

Re: [PHP] Root Commands

2003-02-19 Thread Jason Sheets
Most ways require a program a with root access to execute (setuid root) this is very insecure. I would look at enabling your email program to get the account information from a database like mysql or postgres, that way you need just insert a record into the database. Jason On Wed, 2003-02-19 at 1