Michael A. Peters wrote:
> vuthecuong wrote:
>> Hi all
>> My server is centos 5.1 with php 5.1.6.
>> In my app I want apache to add user through sudo.
>> My sudoers file is:
>> %apache ALL=(ALL) NOPASSWD: ALL
>> My test.php í:
>> <?php
>> $username="hixhix";
>> system("/usr/bin/sudo /usr/sbin/useradd -s /sbin/nologin -M
>> $username",$returnvalue);
>> echo "return value: $returnvalue";
>> However, user 'hixhix' not created by apache at all, it always returned
>> 1.
>> how can I make my apache tu add user using sudo?
>> Please help me. I need your help.
>> Thanks and regards.
> That's not a very secure sudoers file.
> But you probably don't want to use sudo to this anyway.
> What you probably should do is write a shell script (IE w/ perl) that is 
> suid root and executable by apache that adds the user to your system.
> I don't know what your sudo error is, but have you looked at your sudo 
> log file?
> Make damn sure you validate the $username variable whatever solution you 
> end up using.
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
Yeah I know my script don't care at all about security. I'm keeping it fot
the sake of simplicity.
After making it 'work', I will take a look seriously about security.
So, why it not create user for me?
thanks and regards
View this message in context: 
Sent from the PHP - General mailing list archive at Nabble.com.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to