vuthecuong wrote:


Hi all
My server is centos 5.1 with php 5.1.6.
In my app I want apache to add user through sudo.

My sudoers file is:
%apache ALL=(ALL) NOPASSWD: ALL
%tony ALL=(ALL) NOPASSWD: ALL

My test.php í:
<?php
$username="hixhix";
system("/usr/bin/sudo /usr/sbin/useradd -s /sbin/nologin -M
$username",$returnvalue);
echo "return value: $returnvalue";
However, user 'hixhix' not created by apache at all, it always returned 1.
how can I make my apache tu add user using sudo?
Please help me. I need your help.
Thanks and regards.

That's not a very secure sudoers file.

But you probably don't want to use sudo to this anyway.

What you probably should do is write a shell script (IE w/ perl) that is suid root and executable by apache that adds the user to your system.

I don't know what your sudo error is, but have you looked at your sudo log file?

Make damn sure you validate the $username variable whatever solution you end up using.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to