If you are using apache and php then when php runs the exec function
then it is running the the user/group of the apache process.
Here is what I might suggest doing. Have a registration form that
submits the user's information to another process that logs the
information (make sure to validate all information that is recieved).
Then have a cron job or something that runs as root process the valid
user requests and creates the accounts for you outside of apache and
then sends and email notification to the user stating that the account
has been set up. Then provide a link to activate that account. If the
account is not activated within a desired account then that account
needs to be deleted immediately.
These is just something off the top of my head. There needs to be tons
of time put into this and planned out or your box will become a hackers
haven.
--
Ray
On Wed, 2003-10-01 at 09:54, Nabil wrote:
> hi all;
>
> - When i run php.. what user am i using ? is it apache user (nobody) ??
> - How can i execute useradd command from php ? should i write it in
> pearl/cgi ??
> - I want to grant my user on my web a free pop account (or webmail) so i
> need to create an user with bin/false so he has no shell login but pop login
> ... how can i do this by php.. as exec('useradd ...
> couldn't be done only by root ..... what user should i do ? what solution ..
> i googled for virtual popuser .. and i didn't manage .. so i decided to do
> it this way
> any comment ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
