|
I would be VERY weary at letting apache run useradd, it can get you into a heap of trouble. What's your application? Maybe we can find a better, more secure way of doing it?
To make useradd callable by php you need to chown it, as well as make /etc/shadow and /etc/passwd writeable by the nobody user, which is super dangerous.
And by having that callable by a web page is like hiring a locksmith to sit outside your house and hand out keys to whomever asks for them.
"Why? I only run a little web site on a dynamic IP who cares?" Well, I run a weblog site on my dynamic IP too, and checking /var/log/messages daily I can tell you that I get around 1 *serious* break in attempt per weak, at least; one was brute-force attack from Singapour that lasted 3 weeks!
Paranoia is good.
Last edited by michaelsanford; 04-15-2005 at 03:23 PM.
|
