the one you posted is created with crypt() (see crypt in the php manual)
Michelle Konzack wrote:
Hi Rory,
Am 2005-09-03 17:04:19, schrieb Rory Browne:
I'm not totally sure on the format of the passwords in /etc/shadow,
but can you do anything with php's md5 function? If not, then perhaps
the mcrypt extension may do something for you.
Unfortunatly not, because
echo -n "michellesecret" |md5sum
or
md5("michellesecret")
produce: 28c2f05403caaa750df55efadeebd9ed
but in /etc/shadow you find: $1$.NV7oLhO$Gj/ztvspUcpcJ5iUJiXNo0
I do not find the right syntax and options to produce the later string.
First of all you inform your client that they are insane. Running
apache as root is completely unnecessary.
Who tell you this?
I have gotten this job because the original (external) maintainer
of the systems is not more availlable. The systems are horrible!
I need to reinstall from scratch.
to perform the above I'd use a combination of
suExec/suPHP/somethingLikeThat and sudo. I'd create a user called
I have no experience with it...
webuserman (Web User Manager), or something like that, and have the
script run as webuserman. I'd change the useradd..... to sudo
useradd....., and mod the /etc/sudoers file to allow webuserman user
to call the useradd command as root(through sudo).
OK, I wil check suExec and suPHP out.
If you are a lazy bastard, with very little concern for security(which
it seems you're not), you could simply run the script as www-data, and
have sudo allow www-data to do an adduser. I would oppose this
however, in that any php script would be able to use it.
OK, this is what I have curently and it works fine but security...
The users have there ~/public_html so they can addusers as they like.
I think, its not so good.
Also make sure you escape your shell arguments.
:-)
Greetings
Michelle
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
