create a unix user w/ php

uidzer0

hey everyone,

can anyone lead me into the right direction here. I am trying to create a script that will create a unix user from the web. Can this be done?

thanks,

Ben

trininox

I dont know enough about the OS but if theres some file(s) you can edit then its possible otherwise i think it might require a shell script along with php to do it, at least i think thats how its done.

uidzer0

i wouldn't have a problem running a shell script to do the user creation but then i would also need some sort of a way to set the user password via cmdline arguments or can i pass these to stdin somehow?

bubblenut

Remember you only have the permissions of whoever is running the script, in the case of being called through a browser, that would be the webserver.
HTH
Bubble

uidzer0

thats fine, this will all be internal so security isn't a huge risk

trininox

depending on the install make sure the apache server user/group has permissions sometimes its run as nobody, but it can also be run under its own username group, apache/apache

anyway point being 🙂 permissions... but be aware that if anyone else is running scripts ont he server they too have those permissions

Did i mention soon as you come up with these scripts i'd like a copy 🙂 if i dont beat ya too it.. but i dont have a linux platform or know how as of yet to do it.

dkittell

Wrong syntax but something like below should work

system ("su");
system (" rootpwd");
system (" useradd testuser");
system (" passwd testuser");
system (" testuser");
system (" testuser");

dkittell

revised idea

function syscall($command){
if ($proc = popen("($command)2>&1","r")){
while (!feof($proc)) $result .= fgets($proc, 1000);
pclose($proc);
return $result;
}
}
echo "<pre>".syscall('useradd testuser -p testpassword')."</pre>";

Still not quite right but getting there

MarkR

You can't easily do this without either:

Writing or creating something which will change user ID to root
OR
Running Apache and PHP as root

The latter might be acceptable if your site is very tightly locked down (You won't want any non-root users to be able to create web pages in this server, nor will you want to run any other web app on the same one).

The easiest way to do it ass non-root is to create a program to create the user and set the password etc (e.g. in C, shell script or sommething), then using "sudo", grant the web user access to execute this program as root.

Of course you need an adequate mechanism of preventing other (e.g. shell, PHP) users on the same machine abusing this system. Running the whole lot as a different UID (including Apache) that they have no access to is recommended.

Mark

NogDog

Probably I'd look into creating a shell script owned by root that does the user stuff. Then setuid on that script, and make sure it's executable by the user account that will be running your PHP script.

MarkR

NogDog: I should point out that not all flavours of Unix support set-uid shell scripts. This includes Linux.

It is still possible to run the script via sudo though but a great deal of care needs to be taken to ensure it's not exploitable.

I've done something similar before by writing a small C helper program which validates its arguments, clears the environment etc, before invoking adduser.

Mark

richie

Another thought is to use php to write to a file.
You then setup a cronjob that runs that file as a script every so often.

Not a very efficient way if you don't add users often. But it's an idea nevertheless.