> On Fri, 24 Jan 2003 15:30:59 +0800, [EMAIL PROTECTED] (Glynn > S. Condez) wrote: > > >Hi All, > > > >I created a cgi perl script, its an account creation script, means you > >can add an account to a linux system. > > > >my problem is, the cgi can't append the password, shadow and group > >file. How can I make my script to work? I don't have any idea now if > >its possible to make the script work. > > When you are asking to do alot with just a simple script. > First of all, you need root access to do this, and running anything > as root thru cgi is asking for trouble. > > Usually the answer to this is to use something like suexec, so the > web browser runs as a user, then put that user in the sudoers file, > with the power to do it. It still is dangerous. > > Another better solution, is to have the cgi write the requests for > user and password change to a file, and run a cron script by root, > which periodically checks it for errors, and does the changes. > > Unless you are really good at this, and few are, it might be best > to use an already developed package to do this. Maybe webmin, > or whatever, I forget the names.
If you need this functionality, I would definitely go with the second option above. Have your cgi script add the accounts and passwords to a text file, and run a cron job every 5 minutes or so (which executes another perl script) to read the file and exec useradd/groupadd on the data contained therein. This will allow your second script to do whatever QA and error checking you require on the submitted username/passwords before adding them, and it alleviates the need to use sudo, etc. Make sure the cron job is root owned. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
