LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 03-25-2013, 11:14 AM   #1
slufoot80
Member
 
Registered: Nov 2011
Posts: 61

Rep: Reputation: Disabled
Smile Add user to linux via web page - php


I am looking to add user via web page with the following code can anyone give me some example php code to add a user to a linux system, example bash script below

Code:
#!/bin/bash 
clear
# Script to add a user to this Linux system
if [ $(id -u) -eq 0 ]; then                                     # check if user is root
        read -p "Enter User Name : " username

        while [ -z $username ]|| egrep "^$username" /etc/passwd  1>/dev/null;
        do
        echo -ne "Either user exists or you entered a blank, enter username again: ";read -e  username
        done

        password=`</dev/urandom tr -dc A-Za-z0-9 | head -c8`

        echo -ne "\nPlease Enter your User ID Number: ";read -ern5 uid
        while [[ ! $uid =~ ^[0-9]+$ ]]||egrep $uid /etc/passwd >/dev/null; do
        echo -ne "Please re-enter your uid positive intergers only: ";read -ern5 uid
        done

        read -p "Enter a Comment : " comment
        commentstatic="Internal SFTP Account"

        read -p "Enter Users Home Directory : " homedir
        while [ ! -d "$homedir" ];
        do
        echo -ne "\n$homedir Directory Not Found! Please re-enter: "; read homedir
        done        

pass=$(perl -e 'print crypt($ARGV[0], "password")' $password) # passing the password entered
echo ""
        shell=/bin/bash                                                 # case statment for shell selection.
        useradd -u $uid -p $pass -c "$comment $commentstatic" -d $homedir -s $shell $username

        echo "Setting security on users home directory"
        chown $username:ftp $homedir                                    # security settings for both shells
        chmod 775 $homedir
        echo -e "$username" '\t' "$homedir" >> /etc/security/chroot.conf

clear
echo -e "\n\tThis users login details is as follows: \n"
echo -e "\n\tUsername is: $username \n"
echo -e "\tPassword is: $password \n"
echo -e "\tUser's ID Number is: $uid \n"
echo -e "\tComment is: $comment $commentstatic \n"
echo -e "\tUsers Home Directory is: $homedir \n"
echo -e "\tUsers Shell is: $shell \n"
fi
STOPM=`date -u "+%s"`
RUNTIMEM=`expr $STOPM - $STARTM`
if (($RUNTIMEM>59)); then
TTIMEM=`printf "%dm%ds\n" $((RUNTIMEM/60%60)) $((RUNTIMEM%60))`
else
TTIMEM=`printf "%ds\n" $((RUNTIMEM))`
fi
echo -e "\tExecuting "script function" took: $TTIMEM\n"
 
Old 03-25-2013, 12:22 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,283

Rep: Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590
Not securely.

The problem can be done... depending on the system (and configuration) you are using.

RH/Fedora isolate the web server even more for security purposes, and adding users to the system is one of the problems.

Using the web for this is not secure (too many easy things that could go wrong and leave your system wide open).

It can be done... but there is a significant difficulty in changing from the apache account (and limited privileges) to a higher privilege (root) to be allowed to add the user. All CGI scripts run as the apache user, and any switching to root will be granted to any use of the apache UID, so all web pages suddenly become vulnerable to attack.

To do it, you have to configure sudo to allow the apache UID to use it without a password (if if a password still used, then apache has to have the password in plaintext...). After that, the php code only has to collect the information, then invoke sudo to pass the parameters.

All in all - possible. But not securely.
 
Old 03-25-2013, 01:59 PM   #3
slufoot80
Member
 
Registered: Nov 2011
Posts: 61

Original Poster
Rep: Reputation: Disabled
what I want to do is

1) have the user change their password but I want to use a linux "/dev/urandom" to generate it and change it with no interaction from me or helpdesk ticket
 
Old 03-25-2013, 02:09 PM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,283

Rep: Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590
Are they using a login via ssh?
Or is it just a browser login?
 
Old 03-25-2013, 02:18 PM   #5
slufoot80
Member
 
Registered: Nov 2011
Posts: 61

Original Poster
Rep: Reputation: Disabled
password change

Quote:
Originally Posted by jpollard View Post
Are they using a login via ssh?
Or is it just a browser login?


Well they could login via ssh or sftp so I want for them to change their own password, i.e.

1) they forgot their password then they can make request to change it, get a webpage link, click on it and change their password without any interaction from me and it will delete it and and get the password from "/dev/urandom" set it and display it back to them securely but also I want it logged somewhere or maybe somekind of approval maybe from help desk
 
Old 03-25-2013, 03:13 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,283

Rep: Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590
Quote:
Originally Posted by slufoot80 View Post
Well they could login via ssh or sftp so I want for them to change their own password, i.e.

1) they forgot their password then they can make request to change it, get a webpage link, click on it and change their password without any interaction from me and it will delete it and and get the password from "/dev/urandom" set it and display it back to them securely but also I want it logged somewhere or maybe somekind of approval maybe from help desk
If approval from help desk is required (not unreasonable), then why use a web page other than to generate a random string?

So how are you going to authenticate the web page? And you do get the irony of "display it back to them securely" right? A displayed password is not a secure password.

And practice shows that random passwords will get written down.

Also, if you have a number of remote users why not use kerberos? - Then you can specifically authorize the user support personnel with the ability to change passwords. You also get the advantage that no passwords ever cross the network (other than when specifically changing the password - and that only happens between the user/help desk and the KDC).
 
1 members found this post helpful.
  


Reply

Tags
bash scripting, php


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
add a click-able map to a web page faizlo Linux - Software 1 02-27-2012 09:09 PM
Svn + php Web page puneetbrar Linux - Newbie 4 07-19-2011 08:53 AM
Resetting user passwords through php web page sushantchawla2005 Linux - Server 9 07-10-2009 09:22 AM
executing linux commands from web page and outputing it back to the web page ashes_sheldon Programming 8 05-09-2009 07:19 AM
Setting a web page with php! mithras Linux - General 14 07-25-2003 04:25 PM


All times are GMT -5. The time now is 09:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration