A C wrapper running setuid root?

I guess there's less chance of getting a 'bad' username to execute arbitrary 
commands, but at the same time I wonder about the possibility of exploiting 
overflows, but that'd be much harder.  (hmm, if the C program shells to 
adduser anyway the same problem is there?)

I dunno, personally I don't like the idea of _anything_ needing root..

S

On Tuesday 15 October 2002 3:51 pm, Tim Monaghan wrote:
> Is it better to use a C wrapper to do this? That's what I've always done.
> Which is more secure?
>
> Tim
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Custom Programming
> Web Programming community & discussion
> http://www.inter-apps.com
>
>
>
> ----- Original Message -----
> From: "Shane Wright" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, October 15, 2002 9:36 AM
> Subject: Re: [PHP] Adding users to a linux system?
>
>
>
> You need to be root to add users - and your web server is most likely not
> running as root (certainly shouldn't be!!)
>
> To make this work, add the user apache runs under to /etc/sudoers  (look at
> the sudo man page),
>
> then change the command you have to this...
>
> sudo /usr/sbin/adduser -g mel -d /dev/null -s /bin/false -p $pass $usuario
>
>
> That will use sudo to run adduser as root.
>
> btw - try to only allow sudo access for the apache user, and only to use
> the command adduser (e.g. NOT rm or anything else dangerous..)
>
> Also, make very sure that $pass and $usuario contain only alphanumeric
> characters; no backticks or quotes or anything.
>
>
> Hope that helps
>
> Cheers
>
> Shane
>
> On Tuesday 15 October 2002 2:16 pm, :: wkwrz entertainment :: wrote:
> > $creador = "/usr/sbin/adduser -g mel -d /dev/null -s /bin/false -p $pass $usuario";
> > $creador = exec($creador);
> > echo $creador;
> >
> >
> > I HAVE THIS, BUT IN THE APACHE LOG FILE I HAVE THIS:
> > adduser: unable to lock password file
> >
> >
> > What should I do to run the $creador successfully?

-- 
Shane
http://www.shanewright.co.uk/
Public key: http://www.shanewright.co.uk/files/public_key.asc
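
Added example, not part of the thread and not code from any poster: a C wrapper of the kind discussed above that applies the alphanumeric-only rule to both values and then runs the quoted adduser command through execve() with an argument vector, so no shell parses the input (a wrapper that called system() would keep the same injection problem as the PHP exec() string). The names is_alnum_token and build_adduser_argv, the 32-character limit and the PATH value are assumptions for illustration; the adduser flags are the ones quoted in the thread.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_LEN 32 /* assumed length limit for this example */

/* 1 if s is 1..MAX_LEN ASCII letters/digits, else 0. Rejecting everything
 * else covers shell metacharacters and a leading '-' (option injection). */
int is_alnum_token(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > MAX_LEN) return 0;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9')))
            return 0;
    }
    return 1;
}

/* Fill argv with the thread's adduser command, one element per argument.
 * Returns the argument count, or -1 if either value fails validation. */
int build_adduser_argv(const char *user, const char *pass, const char *argv[12])
{
    int i = 0;
    if (!is_alnum_token(user) || !is_alnum_token(pass)) return -1;
    argv[i++] = "/usr/sbin/adduser";
    argv[i++] = "-g"; argv[i++] = "mel";
    argv[i++] = "-d"; argv[i++] = "/dev/null";
    argv[i++] = "-s"; argv[i++] = "/bin/false";
    argv[i++] = "-p"; argv[i++] = pass;
    argv[i++] = user;
    argv[i] = NULL;
    return i;
}

int main(int argc, char **argv)
{
    const char *cmd[12];
    /* Fixed, minimal environment (assumed value) instead of the caller's. */
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    if (argc != 3 || build_adduser_argv(argv[1], argv[2], cmd) < 0) {
        fputs("usage: wrapper <username> <password>\n", stderr);
        return 2;
    }
    /* execve() runs adduser directly: no shell ever parses the values. */
    execve(cmd[0], (char *const *)cmd, envp);
    perror("execve");
    return 1;
}
```
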


--
PHP General Mailing List (http://www.php.net/)