RE: [PHP] adding unix account via system command

tim tom mailto:[EMAIL PROTECTED] scribbled; Dear Marek, Where do find that? I am no C programmer. -- tim --- Marek Kilimajer [EMAIL PROTECTED] wrote: It's a shell script, and your shell drops root privileges. Use a shell that doesn't or use a C-wraper. Make yourfile.c and put this

RE: [PHP] adding unix account via system command

!!!WARNING - WARNING - WARNING - WARNING - WARNING!!! This will mean ANYONE can run this program AS ROOT. Read up on SUID. !!!WARNING - WARNING - WARNING - WARNING - WARNING!!! Make yourfile.c and put this in: main(argc,argv) int argc; char **argv; { execv(/your/program/here, argv);

Re: [PHP] adding unix account via system command

Dear Marek, Where do find that? I am no C programmer. -- tim --- Marek Kilimajer [EMAIL PROTECTED] wrote: It's a shell script, and your shell drops root privileges. Use a shell that doesn't or use a C-wraper. tim tom wrote: Dear Pete, Yes, apache runs as nobody. But I have setuid

Re: [PHP] adding unix account via system command

It's a shell script, and your shell drops root privileges. Use a shell that doesn't or use a C-wraper. tim tom wrote: Dear Pete, Yes, apache runs as nobody. But I have setuid add.sh. Wouldn't that be sufficient ? -- tim --- Peter Houchin [EMAIL PROTECTED] wrote: you need to make sure

Re: [PHP] adding unix account via system command

Personally, running a script directly from a website to add users is asking for security trouble.. I would have it write a adduser request to a file and then have a cron job parse that file everyt 5, 10 or 30 minutes or something looking for new users to add. This gets you around the SUID

RE: [PHP] adding unix account via system command

you need to make sure that the web has permission to use that file .. my guess is it don't have permission hence why you can run add.sh from the command line (where your not your web user I'm assuming). -Original Message- From: tim tom [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 18

RE: [PHP] adding unix account via system command

Dear Pete, Yes, apache runs as nobody. But I have setuid add.sh. Wouldn't that be sufficient ? -- tim --- Peter Houchin [EMAIL PROTECTED] wrote: you need to make sure that the web has permission to use that file .. my guess is it don't have permission hence why you can run add.sh from the

RE: [PHP] adding unix account via system command

To: Peter Houchin; [EMAIL PROTECTED] Subject: RE: [PHP] adding unix account via system command Dear Pete, Yes, apache runs as nobody. But I have setuid add.sh. Wouldn't that be sufficient ? -- tim --- Peter Houchin [EMAIL PROTECTED] wrote: you need to make sure that the web has permission