#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    2
    Rep Power
    0

    Need create new FTP-account via PHP!


    I need this script for free hosting service.
    When new user signup, I need automatically created FTP account with home dirrectory /home/userlogin and subdomain as userlogin.myhost.com
    Can anybody help me?
    I have root acces. I try use unix command as "useradd" via php:
    system("useradd user -p password -d /home/$user") bot it still not work. Please help!!!
  2. #2
  3. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    15
    Does PHP have root access as well?
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2003
    Posts
    778
    Rep Power
    12
    Hi,

    As has been pointed out php does not have root access and for a good reason. You can
    easily wreck havoc with that kind of access.

    HOwever all is not lost there is still suexec and sudo.
    A lean and mean secure FTP applet with GUI. Just 150 kb in size
    http://www.radinks.com/sftp
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    2
    Rep Power
    0
    How can I set up root acces for PHP?
  8. #5
  9. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    15
    Run it as root.
  10. #6
  11. No Profile Picture
    The Wizard
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Posts
    128
    Rep Power
    12
    u dont want root access for php.. one bug in any script and ur server goes down the drain
  12. #7
  13. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Location
    Chandler AZ
    Posts
    2
    Rep Power
    0

    Cool


    I just went through this and ended up using a combination of php and shell scripts. I also took advantage of a program called super. This program has a tab file with entries that detail specific users with programs that they are allowed to run with root privilages. I avoided running apache or php as root to minimize security vulnerabilities. You're on the right track using the system call. I used the system function to run my super app that then referenced the shell script for creating users. This was all done on FreeBSD, the php code was:

    function createUser($dur, $comp, $user, $passwd, $em){
    system("/usr/local/bin/super userSetup.sh $dur $comp $user $passwd $em");
    }

    I went a step further and used $dur to perform an automatic account expiration, $comp is what company this new user is associated with, and $em is the email account of the person that created the account. When the account is about to be deleted a message is sent to the person that create it.

    userSetup.sh is my shell script that actually runs the pw program to create local system accounts. This is a FreeBSD passwd manager command. I'm not sure what the equivalent would be for linux.

    The line within the shell script that creates the local account is:
    echo $4 | /usr/sbin/pw useradd -q -h 0 -n $3 -s /bin/none -d /home/$3 -m

    The options here are:
    -q quite mode, -h 0 accept input for password from stdin, -n the users name, -s users shell, -d home dir and -m to create the home dir. $4 is the password, $3 is the username. The other values passed to the shell script form php are used elsewhere in the shell script for setup of automatic account deletion.

    I also moved the shell scripts and php script that calls the shell script to a directory outside of apache's local dir.
    i.e. apache->php to collect new user info->pass info to php script outside of apache local dir->php script calls shell script also outside of apache local dir->shell script calls super prog->super references super.tab to see if the www user that apache/php is running as can run the referenced shell script (thus gaining root privs to execute the pw command and affect the accounts database)->pw is run with passed vaules->new local user with no shell env is created for ftp use only.

    Again an attempt at minimizing breaches.

    Hope this helps.

    Sionix
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    4
    Rep Power
    0

    What you need a scheduler is...


    Have you ever figured out why you never get instantly into your account when you apply for a free web space?

    Almost web hosting services schedule "account creation" requests coming from the www layer.

    So you will have your php script, writing somewhere, on some table, or file or whatever, a schedule of user creation requests.

    Then you need to implement a cron job on your server, reading the commands queue, ( better if u parametrize it and then parse it with regular expressions and create a limited *nix user just to run that kind of jobs ).

    F.Example:

    PHP -> writes new account requests into a database
    SH -> script reads requests and create users
    CRONTAB -> contanis entries calling ur SH script.
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    4
    Rep Power
    0

    Don't trust user input


    like that...

    Originally Posted by sionix
    I just went through this and ended up using a combination of php and shell scripts. I also took advantage of a program called super. This program has a tab file with entries that detail specific users with programs that they are allowed to run with root privilages. I avoided running apache or php as root to minimize security vulnerabilities. You're on the right track using the system call. I used the system function to run my super app that then referenced the shell script for creating users. This was all done on FreeBSD, the php code was:

    function createUser($dur, $comp, $user, $passwd, $em){
    system("/usr/local/bin/super userSetup.sh $dur $comp $user $passwd $em");
    }

    I went a step further and used $dur to perform an automatic account expiration, $comp is what company this new user is associated with, and $em is the email account of the person that created the account. When the account is about to be deleted a message is sent to the person that create it.

    userSetup.sh is my shell script that actually runs the pw program to create local system accounts. This is a FreeBSD passwd manager command. I'm not sure what the equivalent would be for linux.

    The line within the shell script that creates the local account is:
    echo $4 | /usr/sbin/pw useradd -q -h 0 -n $3 -s /bin/none -d /home/$3 -m

    The options here are:
    -q quite mode, -h 0 accept input for password from stdin, -n the users name, -s users shell, -d home dir and -m to create the home dir. $4 is the password, $3 is the username. The other values passed to the shell script form php are used elsewhere in the shell script for setup of automatic account deletion.

    I also moved the shell scripts and php script that calls the shell script to a directory outside of apache's local dir.
    i.e. apache->php to collect new user info->pass info to php script outside of apache local dir->php script calls shell script also outside of apache local dir->shell script calls super prog->super references super.tab to see if the www user that apache/php is running as can run the referenced shell script (thus gaining root privs to execute the pw command and affect the accounts database)->pw is run with passed vaules->new local user with no shell env is created for ftp use only.

    Again an attempt at minimizing breaches.

    Hope this helps.

    Sionix
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    4
    Rep Power
    0

    Thumbs up You are right brother


    Of course!
    Originally Posted by wizards
    u dont want root access for php.. one bug in any script and ur server goes down the drain

IMN logo majestic logo threadwatch logo seochat tools logo