At 05:13 PM 07/25/2001 +0530, KK wrote:
>Hello Alessandro Lenzen -
>
>I tried that. The perl script with the "adduser" command is getting executed
>if I execute it from the command prompt when I am logged in as "root", but
>the same script script doesn't get executed from the browser. The web server
>error_log file doesn't show any error description. Following is a sample
>perl script:
adduser requires root priviledges, which your webserver does not have.
Personally, I think that running root programs like adduser (or anything
else that messes with the passwd file) via a CGI script is way too freaky
to recommend in practice. It would probably require running your script
setuid root, which is doubly freaky.
Off the top of my head, perhaps a more secure method would be to have your
CGI script serve as a "wrapper" to pass username/passwd data to another
script (which has root or sudo root execute permissions) which is located
outside the webserver/cgi root that actually performs the adduser functions.
Theres also a bunch of passwd authentication and manipulation modules on
CPAN too, but I haven't had any real world experience with them so I
couldnt attest to thier security.
HTH, aloha,
mel
--
mel matsuoka Hawaiian Image Productions
Chief Executive Alphageek (vox)1.808.531.5474
[EMAIL PROTECTED] (fax)1.808.526.4040
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
