On 11/7/05, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
ajit mote schrieb:
> this is what i tried ....
> #External script addUser.py (stored in instance/Extensions folder)
> import crypt
> import os
> def addUser(userName,password):
>         password=crypt.crypt(password,"5Ag5zoM9")
>         command="/usr/sbin/adduser -p "+password+" "+ userName
>         return os.system(command)

Heaven! Is this external method available via web? If so
be prepared for massive attack :-)
That aside you may consider md5 instead of crypt to make
it not too easy to crack (otoh, its not really important
as your script really allows for any command)
>      as we are going to use application only in intranet .....
         we are developing this web application only for our purpose ie. using only inside our firm....       
         my sys admin allow me to do this ....
         so no security problem ....

> ///////////////
>  attaching the application ....
>      exported from zope2.8.1 ,python-2.3.4-11,mysql-3.23.58-13 and
> Linux  2.6.9-1.667 ....
> ////////////////////////
> now i hope that , problem defination is very clear and open......
> ///////////////////

Well no, at least not your "it does not work" problem you told us.

Still missing: the call to the script as "User which runs zope"
which might be zope or nobody or something, depending on your
configuration and the way you start zope.

Add the following lines to your external method and you can
run it as script too:

if __name__=='__main__':
    import sys
         user=sys.argv [1]
    except IndexError:
         sys.stderr.write("Please start me with %s <username>
<password>\n" % sys.argv[0])


and try it like this:

su zope (or whoever your zope runs)
./yourmethod.py someuser somepass

You will see it fail (apart from the fact you need
the #!/path/to/python.bin and set the execution bit
with chmod a+x before you try)

 >   i tried using another user outside of zope .....
     working very well(adding user to system)....
     owner of external method is root and set_user_id bit is set.....
     but problem is when i run attached app it is not adding user ....

Because you did not use sudo as adviced.

Please try to copy the way mails are cited from other
mails in this list. Dont put all your text on the
top of a full quote. Thank you.


>    i am really sorry for the same....


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to