I am looking to do like Hotmail, or Yahoo!, or Mail.com, or any of the
other places do. I can go sign up on their site and immediately have an
e-mail account that I can start using. No admin has to take the time to
create my account for me.
You do understand that these hosts have MAJOR
Richard,
Very good point, and you are correct, I am not looking to hire an army and
spend tons of time and money on it.
I have since rethought this, thanks in part to this thread. I have
decided to go with something more secure. Since I have a database of
users already for the site on
Ok, so this is what I have done:
*-*-*-*-*-*-*-*-*-*-*
$idResults = `sudo -u admin ssh [EMAIL PROTECTED] id usertocheck 21`;
echo id: (.$idResults.)\r\n.\r\n;
if (ereg(no such user, $idResults)) {
echo 'id blah!';
}
*-*-*-*-*-*-*-*-*-*-*
And, here are the results that I get when I access
Jonathan Duncan wrote:
I will also be doing a remote command to add a user to the remote
system (ServerB) from the same PHP script.
If you want to manage a server via web interface, dont reinvent
the wheel. Use webmin, by example.
Webmin runs a mini webserver as root (on port 1),
and uses
Christophe,
I see where you are coming from with that, but the purpose of this script
is to remove me from the picture completely. I want someone to be able to
come sign up on my site and automatically be added as a mail user and
other things so that I do not need to do that kind of thing.
I
Hi!
Have you thougt of writing the userdata to a database and running a perl
script by cron to do the rest? This would be an interesting opinion for
security purpose.
Stefan
-Ursprüngliche Nachricht-
Von: Jonathan Duncan [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 3. Dezember 2004
Jonathan Duncan wrote:
Ok, so this is what I have done:
*-*-*-*-*-*-*-*-*-*-*
$idResults = `sudo -u admin ssh [EMAIL PROTECTED] id usertocheck 21`;
echo id: (.$idResults.)\r\n.\r\n;
if (ereg(no such user, $idResults)) {
echo 'id blah!';
}
*-*-*-*-*-*-*-*-*-*-*
So what I wanted to
This is in reply to both Stefan and Richard,
I gave it some brief thought in the past, but brushed it off as not as
convenient. However, rethinking about it, it may actually be more
secure. H, darn it, now you have me thinking again. Security is a
big concern for me. As it is now, the
On Saturday 04 December 2004 02:47, Jonathan Duncan wrote:
[snip]
rethink my strategy. Thanks to everyone. Richard, I consider myself a
highly security conscious person, but you are making me
think more like a criminal, and that is good. Security is very important.
In that case may I
Jason,
Such as? I assume you have something in mind.
That would certainly be nice. I am not against considering it. Although I
am somewhat tied to sendmail as that is what my hosting provider supports
and also what I am familiar with.
Jonathan
Jason Wong [EMAIL PROTECTED] wrote in
On Saturday 04 December 2004 05:33, Jonathan Duncan wrote:
Such as? I assume you have something in mind.
That would certainly be nice. I am not against considering it. Although I
am somewhat tied to sendmail as that is what my hosting provider supports
and also what I am familiar with.
Gryffyn, Trevor wrote:
If it's a un*x system and you have permissions to connect to the SMTP
server, you could use the VRFY command to check to see if their email
address exists or not maybe:
Example of Verifying a User Name
Either
S: VRFY Smith
On Thursday 02 December 2004 23:32, Gryffyn, Trevor wrote:
If it's a un*x system and you have permissions to connect to the SMTP
server, you could use the VRFY command to check to see if their email
address exists or not maybe:
Just want to point out that this behaviour is dependent on the
Well, I can honestly say I had not thought of doing it that way. I will
keep that as an option. Thanks.
Jonathan
On Thu, 2 Dec 2004, Gryffyn, Trevor wrote:
If it's a un*x system and you have permissions to connect to the SMTP
server, you could use the VRFY command to check to see if their
If it's a un*x system and you have permissions to connect to the SMTP
server, you could use the VRFY command to check to see if their email
address exists or not maybe:
Example of Verifying a User Name
Either
S: VRFY Smith
R: 250 Fred Smith
Yeah, this is definitely a maybe solution and depends on a few things
being right. But if the alteratives are using su ANYTHING commands
and if just asking the SMTP server produces accurate results, then it
seemed like it was worth mentioning.
But the few people who have pointed out that this
On Wed, 1 Dec 2004 17:57:28 -0700, news.php.net [EMAIL PROTECTED] wrote:
Anyone else doing or done something like this?
I use sudo when my web server needs temporary elevated permissions.
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--
PHP General
Perhaps this gets more into server administration, but it is mixed so much
into the php script, which is why I am asking it here.
Yes, sudo was one of my first thoughts. As far as the implementation goes
though. How do you work the remote access bit? Using ssh do you use the
ssl cert switch
I have put this in my sudoers file using visudo to edit it:
www ALL = NOPASSWD: /usr/local/bin/sudo puser, (puser) NOPASSWD:
/usr/bin/ssh /usr/bin/id
However the www user is still being asked for a password.
Is this too off topic for this list?
Jonathan
Jonathan Duncan [EMAIL PROTECTED]
Looks like I was missing a comma after the ssh command and before the id
command.
Jonathan
Jonathan Duncan [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I have put this in my sudoers file using visudo to edit it:
www ALL = NOPASSWD: /usr/local/bin/sudo puser, (puser) NOPASSWD:
20 matches
Mail list logo