Mark Lo wrote:

>      I would like to know how to use the exec command to assign a new
>      system
> users.  I have sent out this questions so many times, but doesn't get any
> reply.  Does It means this is ridiculous to assign a new system user using
> PHP EXEC command.

Pretty much, yeah.

It's a pretty risky way to run a computer -- You are hanging out a "hack 
me" sign on the front door.

Still, here are the things you need to be aware of:

#1.  This should only be done over HTTPS (SSL) so that new 
username/password values cannot be sniffed.

#2.  The Un*x 'passwd' command requires that the user be on a "real" TTY 
terminal, and cannot be called via exec.  This means that you will have to 
maybe do some voodoo magic in a shell to write a script to "fool" passwd 
into thinking you really are a real human on a real TTY doing this, *OR* 
you can queue up the 'passwd' commands to be executed later by a real human 
or a cron job or something similar, *OR* you *COULD* munge /etc/passwd and 
the shadow password file directly if you were a real guru.

#3.  No matter how much you automate this, you *REALLY* need to pay 
attention to the users being added to your box and what they are doing.

#4.  It *CAN* be done, and it *HAS* been discussed, and the answers you 
seek *ARE* in the archives.

#5.  If you don't understand all of the above, and way, way, way more, then 
you really should *NOT* be doing this --  It's an extremely risky tricky 
idea, and if you don't have a deep and full understanding of what you're 
doing, you're likely to make your box completely insecure.

Like music?

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to