helping in cgi script that add users to the system
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
helping in cgi script that add users to the system
hello all ......,
i want to make a cgi program tha make me able to add and delete users
from the system and authenticate them with passwords using perl ....
so how can i think about this cgi script ??,,
i made some stuff that makes me able to access and print the contents
of the /etc/passwd file >>
PHP Code:
$passwd = "/etc/passwd"; open(PW,$passwd) or die "Can't open $passwd:$!\n"; while (<PW>){ ($name,$passwd,$uid,$gid,$gcos,$dir,$shell) = split(/:/); print; } close(PW);
I'm not the best person to answer this question, but it's been just sitting here unanswered, so I'll jump in. And my reaction is:
Waitaminnit, waitaminnit. You're going to allow just anyone in the world to get to this web page and add users to your system? Do you realize the security implications of that?
I mean, there are ways to make this happen, and we can discuss those, but let's consider security first.
there is another commercial stuff like webmin and virtualmin that available as open source for all iam wondering why any one donot answer this question ......
there is another commercial stuff like webmin and virtualmin that available as open source for all iam wondering why any one donot answer this question
maybe because it sounds like a bad idea? (generally speaking, unless you know what you are doing).
well i would probably just qx/useradd blah blah/ or something like that
if i were that way inclined.
You do not want to do it with 'useradd' right? but instead want to do it in the file.
Do it with 'useradd' command, it will finish in 1 step, it do it all for you but
Do it with the file takes more steps but will give more understanding what behind 'useradd' in some way.
So seperate in 2 case here, do it with the files and using command.
1.)The first case (do it with the file):
You can do it but it will involve another file too: '/etc/group' if you want to create user with depand on each group.
You add the new user by write the line with the correct form such as
'test:x:505:500:Test User:/home/test:/bin/bash' to the end of the file.
As i said you must change groupid in the 4th column to what group you have and want this user to be in.
You can create new group as follow,
look in the '/etc/group' file and then add new line like 'testgroup:x:500:' to the file.
Don't forget you must create folder for that user too. By use command 'mkdir /home/test' and change that folder to be owned by that user.
After you add the new user in the file (/etc/passwd) you must use command 'pwconv' to update '/etc/shadow' file telling system that you have added new user. NOTE that this command must execute before creating password is perform.
Almost done, at this point you create password for each user too. You do this by executing the command 'echo passwordfortestuser | passwd test --stdin', this command is benefit for that the process of the script will not be pause and waiting you to enter the password for each user again.
Now I make a sample of code here, as follow.
Code:
#!/usr/bin/perl -w
$newuser = "test";
$userpwd = "testpassword";
$userid = 900;
$usergid = 506; #Assume you already have groupid 506
$comment = "Test User";
open(FILE,'>>/etc/passwd');
$line = "$newuser:x:$userid:$usergid:$comment:/home/$newuser:/bin/bash";
print FILE $line;
close(FILE);
print `pwconv`; #Update /etc/shadow, to tell system that new user is added
print `mkdir /home/$newuser`; #Make directory for 'test' user
print `chown $userid:$usergid /home/$newuser`; #Change owner
print `chmod 700 /home/$newuser`; #Change permission
print `echo $userpwd | passwd $newuser --stdin`; #Create passwd without prompting again.
print "Add User sucessfully\n";
For adding many users like hundreds or else, modify the code running in the loop with the username change relative to the counter in each round of loop (or something else).
2.)Second case (do it with command):
Although you can do man page 'man useradd' to see the parameter and options but I will show it here.
You can perform adding user by execute command 'useradd -g testgroup -s /bin/bash -c "Test User" -d /home/test test'. This will create user test with shell: bash, home-directory: /home/test, comment: Test User, in group: testgroup. It do almost all for you.
Then execute 'echo testpassword | passwd test --stdin'.
Do the system command in `` is for simple use but it will print the result from that command out. You can avoid it by using system() or exec() command instead.
and sudo will have to be configured appropriately for the webserver process uid. Strongly recommend to at least use htaccess controls to limit who gets to use this.
If you are using an Apache web server, the answer to both of these questions is in your Apache documentation. If it is not installed with your web server, it is available online at http://httpd.apache.org/docs/. If you have any intention to run your web server as root, you must read and understand the documentation and all of the implications associated with doing that. This is an issue that affects everyone on the net; don't play fast and loose with things like opening up root access.
If you have any intention to run your web server as root, you must read and understand the documentation and all of the implications associated with doing that. This is an issue that affects everyone on the net; don't play fast and loose with things like opening up root access.
adam_blackice, theNbomr is not saying that this is an issue that affects everyone on the net who tries to run his web server as root.
He is saying that if you run your server as root without understanding and guarding against all your security risks, you affect all of us.
theNbomr, I am not putting words into your mouth, I hope.
Quote and Quote-like Operators
While we usually think of quotes as literal values, in Perl
they function as operators, providing various kinds of
interpolating and pattern matching capabilities. Perl
provides customary quote characters for these behaviors, but
also provides a way for you to choose your quote character
for any of them. In the following table, a "{}" represents
any pair of delimiters you choose.
Customary Generic Meaning Interpolates
'' q{} Literal no
"" qq{} Literal yes
`` qx{} Command yes*
qw{} Word list no
// m{} Pattern match yes*
qr{} Pattern yes*
s{}{} Substitution yes*
tr{}{} Transliteration no (but see below)
<<EOF here-doc yes*
:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
