Mark Lo wrote: > I would like to know how to use the exec command to assign a new > system > users. I have sent out this questions so many times, but doesn't get any > reply. Does It means this is ridiculous to assign a new system user using > PHP EXEC command.
Pretty much, yeah. It's a pretty risky way to run a computer -- You are hanging out a "hack me" sign on the front door. Still, here are the things you need to be aware of: #1. This should only be done over HTTPS (SSL) so that new username/password values cannot be sniffed. #2. The Un*x 'passwd' command requires that the user be on a "real" TTY terminal, and cannot be called via exec. This means that you will have to maybe do some voodoo magic in a shell to write a script to "fool" passwd into thinking you really are a real human on a real TTY doing this, *OR* you can queue up the 'passwd' commands to be executed later by a real human or a cron job or something similar, *OR* you *COULD* munge /etc/passwd and the shadow password file directly if you were a real guru. #3. No matter how much you automate this, you *REALLY* need to pay attention to the users being added to your box and what they are doing. #4. It *CAN* be done, and it *HAS* been discussed, and the answers you seek *ARE* in the archives. #5. If you don't understand all of the above, and way, way, way more, then you really should *NOT* be doing this -- It's an extremely risky tricky idea, and if you don't have a deep and full understanding of what you're doing, you're likely to make your box completely insecure. -- Like music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
