Problem in scripting
 

I am trying to develop something just for fun by using perl & cgi scripting with linux.

What I am trying to do is, creating user from the web.

This is my html script

<HTML>
<BODY>
<FORM METHOD="POST" ACTION="/cgi-bin/myscript2.cgi">
<PRE>
First Name <INPUT TYPE="text" NAME="name" MAXLENGTH=15 SIZE=15>
<INPUT TYPE="submit" VALUE="Send Mail!">
<INPUT TYPE="reset" value=" Clear-Form">
</PRE>
</FORM>
</BODY>
</HTML>

This script suppose to get user input.

then myscript2.cgi looks like tis

#!/usr/bin/perl

use strict;
use CGI;

my $q = new CGI;
my $name = $q->param( "name" );

system("/etc/sbin/useradd $name");

print $q->header( "text/html" ),
$q->start_html( "Welcome" ),
$q->p( "Hi $name!" ),
$q->end_html;

BUt it does not create the users. I wonder y. This system lacks in security. BUt I am doing it only for fun in localhost. Im learning step by step phase.if can create users. I wana figure it out how it can be done securely.
But my question is how to receive the parameter from the web and use the parameter with useradd comand and create the user.

HOpe u guys can give me ideas

If you redirect stdout & stderr in the system cmd (or check the Apache error_log) you'll find that the cmd runs as apache (or www or nobody) and doesn't have privs (root) to create users (iirc)

Do you mean that myscript2.cgi is executed by Apache and not LInux. Apache cant execute Linux commands. So what should I do, to make LInux execute the script or the command (system("/etc/sbin/useradd $name"))

A couple of points.

1. You can only create users as root or via sudo
2. You should not run CGI scripts with root powers!

If you run CGI scripts as root then you are asking for a security problem.

OK now I have succesfully create users from the web. That means I can enter a username, n a new user will be created in my linux box. BUt i have use only useradd to create the user. That means the particular user doesnt have a password. so how to let the user create his own password for his username from the web. Do I have to configure any files?

Guys, now I am doing this in my linux box and under localhost, not for everyone. So, when i can able to complete this, then i can concentrate the security part. So currently, its not about the security. Security is the second phase. So please dont worry about the security now. I will definetely will enhance my fun project with added security in near future.

HOpe to receive some ideas from the experts..Thank You

To change or set a password you need to use the passwd command: /usr/bin/passwd

However this requires input, which cannot just be a straight echo command.

Example 1:
You will see that this fails!

This is the same if you enter the passwords in a file and cat to passwd.

Testpass:
Example 2:
You can use named pipes but I don't think this is going to provide a soloution for you.

Named pipe Example (session 1):
Named pipe Example (session 2):
Named pipe Example (session 1 - continued):
Have you thought of looking at Webmin, as this may already do everything that you are after.

Yea, but Webmin does things for us. I am just playing around with my box. So I wanted to try this stuff first. Can we modify the adduser or the passwd configuration files to make his possible.

To create a password without using passwd, you need to use crypt.

Modified CGI Script:

To include the password field in the form:

Yea I found the solution.GOt help from the forums too. Thanks alot guys