Problem in scripting
I am trying to develop something just for fun by using perl & cgi scripting with linux.
What I am trying to do is, creating user from the web. This is my html script <HTML> <BODY> <FORM METHOD="POST" ACTION="/cgi-bin/myscript2.cgi"> <PRE> First Name <INPUT TYPE="text" NAME="name" MAXLENGTH=15 SIZE=15> <INPUT TYPE="submit" VALUE="Send Mail!"> <INPUT TYPE="reset" value=" Clear-Form"> </PRE> </FORM> </BODY> </HTML> This script suppose to get user input. then myscript2.cgi looks like tis #!/usr/bin/perl use strict; use CGI; my $q = new CGI; my $name = $q->param( "name" ); system("/etc/sbin/useradd $name"); print $q->header( "text/html" ), $q->start_html( "Welcome" ), $q->p( "Hi $name!" ), $q->end_html; BUt it does not create the users. I wonder y. This system lacks in security. BUt I am doing it only for fun in localhost. Im learning step by step phase.if can create users. I wana figure it out how it can be done securely. But my question is how to receive the parameter from the web and use the parameter with useradd comand and create the user. HOpe u guys can give me ideas |
If you redirect stdout & stderr in the system cmd (or check the Apache error_log) you'll find that the cmd runs as apache (or www or nobody) and doesn't have privs (root) to create users (iirc)
|
Do you mean that myscript2.cgi is executed by Apache and not LInux. Apache cant execute Linux commands. So what should I do, to make LInux execute the script or the command (system("/etc/sbin/useradd $name"))
|
A couple of points.
If you run CGI scripts as root then you are asking for a security problem. |
OK now I have succesfully create users from the web. That means I can enter a username, n a new user will be created in my linux box. BUt i have use only useradd to create the user. That means the particular user doesnt have a password. so how to let the user create his own password for his username from the web. Do I have to configure any files?
Guys, now I am doing this in my linux box and under localhost, not for everyone. So, when i can able to complete this, then i can concentrate the security part. So currently, its not about the security. Security is the second phase. So please dont worry about the security now. I will definetely will enhance my fun project with added security in near future. HOpe to receive some ideas from the experts..Thank You |
To change or set a password you need to use the passwd command: /usr/bin/passwd
However this requires input, which cannot just be a straight echo command. Example 1: Code:
echo "Testing This is the same if you enter the passwords in a file and cat to passwd. Testpass: Code:
Testing Code:
cat Testpass|/usr/bin/passwd TestUser Named pipe Example (session 1): Code:
mkfifo myfifo Code:
cat myfifo|/usr/bin/passwd TestUser Code:
Testing |
Yea, but Webmin does things for us. I am just playing around with my box. So I wanted to try this stuff first. Can we modify the adduser or the passwd configuration files to make his possible.
|
To create a password without using passwd, you need to use crypt.
Modified CGI Script: Code:
#!/usr/bin/perl Code:
<HTML> |
Yea I found the solution.GOt help from the forums too. Thanks alot guys
|
All times are GMT -5. The time now is 11:30 PM. |