help php adding a user in linux

Discussion in 'Programming/Scripts' started by firemission, Sep 4, 2007.

  1. firemission

    firemission New Member

    Hello all. I seem to be having difficulties with my lifestyle today. You see, my problem is that I am writing a custom PHP script for a small hosting company. They want the user to be able to sign up and pay (got all that working), then the server is to autoprovision their account and create the user where everything should be. Now the problem I am having is that this is all done with PHP, and when calling the useradd command from within PHP it is barfing, so I edited the sudoers file to let the webserver user execute the useradd command as root without a password. This is also barfing. I know it is not a syntax problem with the command itself, because if I SSH into the server and execute the command the webserver is trying, it works perfectly. So my question is: why, when I SSH into the box and execute the command, does it work perfectly, but when PHP simply sends the command to the box using the exec() function, it barfs? I have also tried passthru() and system(); all of them barf. And it is getting smelly in here due to all the barfing. Any insight would be much appreciated.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Do you get any error messages? What's in Apache's error log? What's in /etc/sudoers?
     
  3. firemission

    firemission New Member

    no errors

    I get no errors in the Apache error log and nothing in the system log. The lines I added to the sudoers file are:

    [apache user] ALL=/usr/sbin/passwd,/usr/sbin/useradd,/usr/sbin/userdel NOPASSWD: ALL.

    So I don't get it.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Do you get any errors in your browser?

    Maybe the exec() function isn't allowed in your php.ini?
     
  5. firemission

    firemission New Member

    I wrote the php.ini. It is allowed. I have also tried the system() and passthru() functions; they don't work either. I have built a workaround for this by writing a bash shell script that is called from within PHP by an exec() call and is sent the pertinent variables. It works now, but I don't like how I had to do it, for security reasons.
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Did you use the full path to useradd (/usr/sbin/useradd) in exec() or just useradd? It's possible that the PATH variable is different within your PHP script.
     
  7. firemission

    firemission New Member

    The exact code used is as follows:
    // pulls user from MySQL database
    $user = get_user($UID,'','');
    // building command
    $command = "sudo /usr/sbin/useradd -g 100 -d ".$user['rootDir']
        ." -k /srv/www/htdocs/skel -s /bin/false"
        ." -c \"".$user['firstName']." ".$user['lastName']."\" ".$user['userName'];
    // execute command
    exec($command,$return);
    // getting return
    if (is_array($return)){
        // if there is a return, we send the output to the browser
        print_r($return);
    }
     
  8. firemission

    firemission New Member

    On a side note, I have developed a workaround to this particular problem. It is much more complex and by that virtue less secure and unreliable. I have written a shell script that accepts 2 arguments, username and password; the shell script then creates the user as root and returns an exit status to the PHP exec() function. The real problem is that if someone knows the exact path to the shell script, they could create users arbitrarily on the server, as the shell script needs to be r-x by the www server.
     
  9. falko

    falko Super Moderator ISPConfig Developer

    You can try to use the full path to sudo as well.
     
  10. firemission

    firemission New Member

    That didn't work either. I have developed a workaround that is secure enough for my tastes and also does what I need it to. It puts the username, password, home dir and all that stuff into a database. Then I have a crontab job that runs every 5 min as root that pulls the info, creates the user, and then deletes the info from the database. I am happy with that solution. Maybe I should submit this as a bug to php.net?
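
The command in post 7 is built by concatenating database fields into a shell string, and exec() collects only the command's standard output, so whatever sudo or useradd writes to standard error never reaches the script. The following is an added example, not code from the thread: it validates the fields, quotes each argument separately, and captures stderr and the exit status. The sudo path, the login-name policy and the /srv/www/htdocs home base are assumptions; the useradd options mirror the post.

```php
<?php
// Added example, not the thread's code. Assumptions: sudo lives at
// /usr/bin/sudo, customer homes sit under /srv/www/htdocs, and login names
// follow a conservative lowercase policy. Field names mirror post 7.

function build_useradd_command(array $user): string
{
    // Login name: refuse anything the shell or useradd could misread.
    if (!preg_match('/\A[a-z_][a-z0-9_-]{0,30}\z/', $user['userName'])) {
        throw new InvalidArgumentException('invalid user name');
    }
    // Home directory: absolute path below the hosting root, no "..".
    if (!preg_match('#\A/srv/www/htdocs/[A-Za-z0-9._/-]+\z#', $user['rootDir'])
        || strpos($user['rootDir'], '..') !== false) {
        throw new InvalidArgumentException('invalid home directory');
    }
    // Comment field: ':' splits /etc/passwd fields, so drop it and control bytes.
    $gecos = preg_replace('/[:\x00-\x1f\x7f]/', '',
        $user['firstName'] . ' ' . $user['lastName']);

    $args = [
        '/usr/bin/sudo', '-n',   // -n: fail at once instead of prompting
        '/usr/sbin/useradd', '-g', '100',
        '-d', $user['rootDir'],
        '-k', '/srv/www/htdocs/skel',
        '-s', '/bin/false',
        '-c', $gecos,
        '--', $user['userName'],
    ];
    // Quote every argument separately; 2>&1 folds stderr into $output.
    return implode(' ', array_map('escapeshellarg', $args)) . ' 2>&1';
}

function run_useradd(array $user): array
{
    exec(build_useradd_command($user), $output, $status);
    // A non-zero status plus $output shows what sudo or useradd complained about.
    return ['status' => $status, 'output' => $output];
}

// Constructed sample record; only the command string is printed here.
$sample = ['userName' => 'jdoe', 'rootDir' => '/srv/www/htdocs/jdoe',
           'firstName' => 'John', 'lastName' => "O'Neil"];
echo build_useradd_command($sample), PHP_EOL;
```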
     
