Create user automatically via php web form
Hello all. Been a while since I've posted.
I'm working on a server project for me and some friends for data backup and storage.
I want to create local users from information collected in a web form I intend to create with php.
I will plan on having a database of user information so they can make some changes to their account. Not sure exactly what, but just to make it seem more offical.
I want to give them access to rsync (so ssh by default), ftp, owncloud and http of their own directories. I intend to use quotas to regulate the amount of storage space available to each user.
To the best of my knowledge, it is not possible to directly create a user via php do to privledge restriction. The only way I can think to do it is have the form store the information to a file and have a cron job create the account for me. I'm not sure how well this will work unless I tell the cron job to run frequently enough to make it convenient.
Does anyone have a better idea of how I might do this?
I'm aware of the possibility of using virtual users, but then I loose some ability to control quotas.
I'm sure you'll get other posts about ensuring security etc. However to achieve what you've asked I would suggest:
When users complete the form display: "Your account may take up to X minutes to set-up, you will receive an e-mail when this is completed".
Store the information in a file and run your cron job to create users every X minutes (could even be every minute I suppose) and then notify the user by e-mail when it's created.
Alternatively could you specify that the user contect that PHP runs under (apache user?) has unpassworded sudo ability to run the relevant system commands?
I'd prefer the former soln (ie it'll take a while to setup an acct), rather than allowing php/Apache any privileged cmds.
If you really want instant and secure, look at dnotify http://linux.die.net/man/1/dnotify.
This is probably overkill unless you NEED (not just want) an instant response/acct.
I was thinking along those same lines. Just stating that it could take X amount of time for the account to become active. In the end it shouldn't really matter too much because it only occurs once. Of course, password changes could cause an account to be only accessable via an older password for X amount of time. But a small price to pay for security.
Thank you guys.
|All times are GMT -5. The time now is 01:30 PM.|