Mark Lo wrote:
> I would like to know how to use the exec command to assign a new
> users. I have sent out this questions so many times, but doesn't get any
> reply. Does It means this is ridiculous to assign a new system user using
> PHP EXEC command.
Pretty much, yeah.
It's a pretty risky way to run a computer -- You are hanging out a "hack
me" sign on the front door.
Still, here are the things you need to be aware of:
#1. This should only be done over HTTPS (SSL) so that new
username/password values cannot be sniffed.
#2. The Un*x 'passwd' command requires that the user be on a "real" TTY
terminal, and cannot be called via exec. This means that you will have to
maybe do some voodoo magic in a shell to write a script to "fool" passwd
into thinking you really are a real human on a real TTY doing this, *OR*
you can queue up the 'passwd' commands to be executed later by a real human
or a cron job or something similar, *OR* you *COULD* munge /etc/passwd and
the shadow password file directly if you were a real guru.
#3. No matter how much you automate this, you *REALLY* need to pay
attention to the users being added to your box and what they are doing.
#4. It *CAN* be done, and it *HAS* been discussed, and the answers you
seek *ARE* in the archives.
#5. If you don't understand all of the above, and way, way, way more, then
you really should *NOT* be doing this -- It's an extremely risky tricky
idea, and if you don't have a deep and full understanding of what you're
doing, you're likely to make your box completely insecure.
Like music? http://l-i-e.com/artists.htm
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]