php-general Digest 5 Sep 2006 09:53:38 -0000 Issue 4330
Topics (messages 241359 through 241367):
How to add user to linux using php
241359 by: eqla3.com eqla3.com
241360 by: Jon Anderson
241361 by: J R
241362 by: Ruben Rubio
Re: Crazy behavior...
241363 by: Alex Turner
Is this unsecure?
241364 by: Peter Lauri
241365 by: Paul Scott
241366 by: Peter Lauri
PHP 5.1.6 - virtual_root_level
241367 by: cajbecu
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
i tried to add user to by exeuting shell_exe command so it add user
but if the user added still problem is how to apply the password by command
passwd in linux by php script
because it's an interactive command required to input the password twice in
linux shell.
is there any way to add user and apply password by executing shell command
through php?
--- End Message ---
--- Begin Message ---
eqla3.com eqla3.com wrote:
is there any way to add user and apply password by executing shell
command
through php?
Depending on the distribution, you should have a user addition command
that takes a password argument. In my case, useradd <other args> -p
'<password>' <user>. Check the manual page for adduser , useradd or your
distribution's variant.
Worst case, you can even make a wrapper around the command with shell
script that'll do the multiline echo for you.
jon
--- End Message ---
--- Begin Message ---
you have to understand that the adduser is a previledge command and a root
only command (unless you allowed other users) and normally php will and
should be running in a restricted access. normally it is running as user
apache/user/nobody (depends on your settings) now there are two ways you can
allow adduser(or any priviledge command for that matter).
1. give user apache the addusser priviledge (which is very unsecure), then
execute shell_exe as root would.
2. create a root process like a cron job which will start at boot of your
server, then on your shell_exe pass your command to that process and have
that root process execute that command (bit more secure).
hth,
john
On 9/5/06, Jon Anderson <[EMAIL PROTECTED]> wrote:
eqla3.com eqla3.com wrote:
> is there any way to add user and apply password by executing shell
> command
> through php?
Depending on the distribution, you should have a user addition command
that takes a password argument. In my case, useradd <other args> -p
'<password>' <user>. Check the manual page for adduser , useradd or your
distribution's variant.
Worst case, you can even make a wrapper around the command with shell
script that'll do the multiline echo for you.
jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
GMail Rocks!!!
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
1) You can configure nobody (apache/php user) to log with ssh key
verification (You do not need to write a password) So you can execute
"ssh [EMAIL PROTECTED]" and you can login without write any password.
2) Configure a php that execute a perl script with username/password as
parameter. (You should very carefully check that the parameters are only
characters with no estrange characters there)
3) Use Perl module Net::SSH to log as root in localhost and execute
adduser command.
Note: You can be a little bit secure if you create an user that has
enough privileges to execute adduser, and instead login as root with ssh
key verification log as that user.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE/RowIo1XmbAXRboRAiX8AKCQyviGYZQdGNw9Qgld+rhgD/9xqQCgkNa4
w9QLmo8b6VIIZtdMo0cI8tU=
=6YaW
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Yes - I see your point - however, when something does not work, I generally try
and get is as close the accepted norms as possible and then work backwards.
Alexander J Turner Ph.D.
www.deployview.com
www.nerds-central.blogspot.com
www.project-network.com
-----Original Message-----
From: Jochem Maas [mailto:[EMAIL PROTECTED]
Sent: 04 September 2006 22:43
To: Alex Turner
Cc: Peter Lauri; [email protected]
Subject: Re: [PHP] Crazy behavior...
Alex Turner wrote:
> Peter,
>
> When it arrives at the browser, via ajax, I am guessing that you then put it
> into the page view .innerHTML or some other method.
>
> I suspect your problem revolves around asking the browser to do stuff it
> should not really have to do.
>
> There are two issues I would like to highlight with the html.
>
> 1) You are mixing TH and TD on the same row. You should be using styles to
> set the different presentations of the elements.
TD and TH are not about 'presentation of elements' but about the semantics of
the elements.
TD and TH are allowed in a single row.
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.11.7/436 - Release Date: 01/09/2006
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.11.7/436 - Release Date: 01/09/2006
--- End Message ---
--- Begin Message ---
Hi,
I have bumped into a problem. I need to use a web service that is located on
server B from server A. The server B will execute a script when the web
service is accessed and an email is sent as an parameter. The problem is, if
I only have the email as incoming parameter, anyone can just figure out the
url for the web service, the name, and then just send the email to that
address.
To make this a little bit secure I setup so two parameters are sent, the
email and a confirmation code. First I was just thinking to basically have a
password sent with, and if that is correct just execute the script. However,
due to server restrictions I can not run it on HTTPS, so that also looses
value.
So this is how I solved it:
I send a parameter with the request that is the email, some extra characters
and then MD5 on that. I do this on server A and then server B just checks if
it is the same resulting string. If so, we know it comes from server A
because that server is the only one that knows the extra characters used.
$authstring = md5("asdf".$email."fdsa");
Would this be hard to crack assuming that the one who cracks does not know
the characters that are used to generate the $authstring?
Maybe someone have experience with this? Or just a comment?
Best regards,
Peter Lauri
www.lauri.se <http://www.lauri.se/> - personal web site
www.dwsasia.com <http://www.dwsasia.com/> - company web site
--- End Message ---
--- Begin Message ---
On Tue, 2006-09-05 at 16:04 +0700, Peter Lauri wrote:
> I have bumped into a problem. I need to use a web service that is located on
> server B from server A. The server B will execute a script when the web
> service is accessed and an email is sent as an parameter. The problem is, if
> I only have the email as incoming parameter, anyone can just figure out the
> url for the web service, the name, and then just send the email to that
> address.
>
Why not just use SOAP envelope authentication?
--Paul
All Email originating from UWC is covered by disclaimer
http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
--- End Message ---
--- Begin Message ---
Isn't that just to send a username and password with the request? Or is the
username and password protected somehow in that process?
-----Original Message-----
From: Paul Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 05, 2006 4:08 PM
To: Peter Lauri
Cc: [email protected]
Subject: Re: [PHP] Is this unsecure?
On Tue, 2006-09-05 at 16:04 +0700, Peter Lauri wrote:
> I have bumped into a problem. I need to use a web service that is located
on
> server B from server A. The server B will execute a script when the web
> service is accessed and an email is sent as an parameter. The problem is,
if
> I only have the email as incoming parameter, anyone can just figure out
the
> url for the web service, the name, and then just send the email to that
> address.
>
Why not just use SOAP envelope authentication?
--Paul
--- End Message ---
--- Begin Message ---
Hello,
It seems that virtual_root_level is not working with PHP version 5.1.6!
I tried to aply the patch designed for 4.3.4 but there was no changes..
Is there any patch for that designed for PHP version 5.1.x? How can I
make virtual_root_level working on my server?
Thanks in advance,
cajbecu
--- End Message ---
