allow apache certian commands

paintcheck200 · 03-15-2005, 02:09 PM

How would I go about allowing apache to execute a command say like useradd?

Matir · 03-15-2005, 02:59 PM

Apache doesn't execute commands. (Well, not in the way I think you're looking for.) Presumably, you want a website to add users. You'll need to build yourself a CGI interface, be it PHP/PERL/C, whatever. Then from there you can add users.

paintcheck200 · 03-15-2005, 03:12 PM

well, I've made a php script to do the command, but doesn't apache need permisions to run the command?

Also, does the script need to be in cgi-bin for some wierd reason?

Matir · 03-15-2005, 03:41 PM

PHP scripts do not need to be in any particular directory. The user apache runs as (generally apache, httpd, or nobody) must be able to add the user. This can introduce some interesting security holes, and is generally discouraged. One possibility is a hardlink to the adduser command that is setuid, owned by root, and has the group of apache. Permissions should be 750. Again, this is not neccessarily a secure practice, and you should look into something slightly more sophisticated.

paintcheck200 · 03-15-2005, 03:45 PM

hmm..., well the deal is I need to authenticate to ftp for a certian reason, and I would like to somewhat automate account creation throught a web interface. Right now I'm using vsftp, but maybe I should switch to something else that allows ftp accounts other thens system accounts, maybe proftpd.

allowing localhost ftp only- perl authenticates to it - netreg ;-)