Forum: Geek Forum
Topic: Helpful person with CGI scripts / Linux ?
started by: t|nt|n

Posted by t|nt|n on Nov. 26 2001,14:54
Hey, do any of you know whether it is possible to write a CGI script to add users in Linux and to set up their directories automatically in Linux? I need to do this in order to give the users of the webpage for my project their own webspace. If any of you would be good enough to enlighten me I would be very much obliged !! Thanks

Posted by Beldurin on Nov. 26 2001,15:33
Pardon me if I'm way off, I do mostly PHP nowadays and my Perl is a bit rusty, but you'd just need to use either a version of the system() command or perhaps the backtick ` operator to execute a system adduser command with the username as an embedded variable. Then you'd just have to have the groups set up beforehand. The directories and .htaccess stuff (if necessary) can be created with other system commands.

Be careful though, because this would require allowing a web user to create logins on your box...not exactly a wonderful idea with regards to security.

P.S. If I'm full of shit, please let me know

Posted by t|nt|n on Nov. 26 2001,15:49
lol, I am sure you aren't full of shit. Security is not an issue in the project. It just has to work !!! It will only be used once by a lecturer and then probably filed away in the dark dungeon of the college. It is really wrecking my head as I can't use Linux so I am trying to learn and do this project at the same time !

Posted by Beldurin on Nov. 26 2001,16:34
What are you writing this CGI script in? Perl? If so, damien_s_lucifer is prolly the one you'd want to get ahold of.

But you'd basically write a form that the prof could enter a username on then write something like (this is PHPese):

$command = "adduser $username -p $password -g [group]";

That's the basic idea anyway. You'll have to set up the group and group permissions ahead of time, of course.

edit: forgot second system call

This message has been edited by Beldurin on November 27, 2001 at 11:46 AM

Posted by chmod on Nov. 26 2001,18:06
I know security has already been mentioned... But there's a lot more vulnerability involved besides just giving the power of creating logins. In the future keep in mind that you should never use a system() call with a variable in the command, because someone could add a ; to the data followed by any command they wanted, and the shell would most likely execute it, possibly wreaking havoc... It's good practice to filter with regexps for that reason.

This message has been edited by chmod on November 27, 2001 at 01:06 PM

Posted by damien_s_lucifer on Nov. 26 2001,19:40
First thing: regardless of what language you use, your program *must* run as root in order to add or modify users. Unix has a feature called SUID (Set User ID) that will allow you to make a program run like this.

If you have a script called "adduser.cgi", you'd run the following commands as root to make it SUID:

chown root adduser.cgi

Note that if you modify adduser.cgi in any way, the SUID bits will be disabled, and you'll have to run the chmod command again.

Beyond that, it depends on what language you use. Since you're pressed for time, go with what you know... at some point you'll have to use the Unix useradd command to create the user, so you'll want to pull up the man page for that and study it carefully.

I don't know about PHP, but Perl will automatically place any script running SUID in "taint mode," so read up on that if you're using Perl.

Your best bet may be to write a small C wrapper for useradd. Have it run SUID, and let the rest of your script run normally.

Posted by Beldurin on Nov. 26 2001,23:15
quote:
Good point. My dumb ass completely forgot to mention that. Just do a regexp check for a semicolon which shouldn't be in a username anyway.

Posted by schnarf on Dec. 02 2001,20:48
With each variable:

[code]
if ($variable =~ /;/) { die "NO SEMICOLONS EVER STFU PLZ KTHXBYE "; }
[/code]

Or it might be ~= and you might have to escape the first semicolon. Bleh, I really need to brush up on my Perl, I haven't coded in Perl for over a year, I'd estimate.
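
The small C wrapper for useradd suggested in the thread, combined with the input filtering it discusses, written here as an added example (not code from any poster): it accepts a username only if it matches an allow-list and runs useradd through an argument vector, so no shell ever parses the name. The useradd path, the group name `webusers` and the 32-character limit are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define USERADD_PATH "/usr/sbin/useradd"  /* assumed location; check your system */
#define WEB_GROUP    "webusers"           /* hypothetical group, created beforehand */
#define MAX_NAME_LEN 32                   /* assumed limit */

/* Allow-list check: first char a-z, the rest a-z, 0-9, '_' or '-'.
 * Everything else is rejected: ';' but also backticks, '$', '|', '&',
 * whitespace, newlines and a leading '-' (which would read as an option). */
int valid_username(const char *name)
{
    size_t len, i;

    if (name == NULL || (len = strlen(name)) == 0 || len > MAX_NAME_LEN)
        return 0;
    if (name[0] < 'a' || name[0] > 'z')
        return 0;
    for (i = 1; i < len; i++) {
        char c = name[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
              c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    /* Fixed environment: nothing inherited from the CGI caller. */
    char *envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    if (argc != 2 || !valid_username(argv[1])) {
        fprintf(stderr, "usage: wrapper <username>\n");
        return 1;
    }
    /* When installed SUID root, make the real UID match the effective UID. */
    if (setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    /* The name is a single argv entry after "--"; no shell is involved. */
    char *args[] = { USERADD_PATH, "-m", "-g", WEB_GROUP, "--", argv[1], NULL };
    execve(USERADD_PATH, args, envp);
    perror("execve");  /* reached only if the exec failed */
    return 1;
}
```

The password is deliberately not taken on the command line, where it would be visible in the process list; set it in a separate step.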