Executing root commands

I have a form where a user enters values to create a user on a server. I need to be able to execute the Useradd command but I can't. Is there a way of logging in the server using CGI and then executing the command?

Thank you ,

Pericles Cheng

Defining of cgi_user for priveleged user will be a hole in security of your net.
You can write UNIX-shell or perl script with required procedures that will read thru a 'loop' some directory. This script could be run by priveleged user.

<BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by pcheng:
I have a form where a user enters values to create a user on a server. I need to be able to execute the Useradd command but I can't. Is there a way of logging in the server using CGI and then executing the command?

Thank you ,

Pericles Cheng[/quote]

Is there a way that a user could log in the server using a username and password (something like telnet, but through cgi)? That way the user must know the username and password to access the files needed by the program. I found something that might be of help but I am not sure how to implement it. That is the SETUID command but it takes a lot of configuring.

Well, as far as my UNIX knowledge goes, setuid is the only thing you can do to make this work. Reading a man page for the command should get you on the right track.

>>Is there a way of logging in the server using CGI and
>>then executing the command?

Yes, run Apache as 'root', which is not a wise thing to do.

>>That is the SETUID command but it takes a lot of configuring.

setuid or cgiwrap doesn't enable your users to run ANY system commands.

>>something like telnet, but through cgi
Yes, download-> http://www.perl.com/CPAN-local/modules/by-module/Net/Net-Telnet-3.02.tar.gz
Read->http://www.perl.com/CPAN-local/modules/by-module/Net/Net-Telnet-3.02.readme

Pericles, Even you trust those users, what you are trying to do is opening your server for potential attacks.

[This message has been edited by freebsd (edited June 27, 2000).]

<BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by pcheng:
I have a form where a user enters values to create a user on a server. I need to be able to execute the Useradd command but I can't[/quote]

You should split this process into two actions. Have your CGI form handler insert the info into a DBM file or SQL database, then write a cron job that runs every five minutes, running as root, put the database info into the system using 'pw' or the equivalent on your system.

Thank you all for your help. I finally made it by using the Net::Telnet module and telneting to the machine. This gave me the option of logging in as super user and performing the tasks I needed.

Once again thank you for all your help.

It isn't a good idea to store not encrypted password for root in general and in the public catalog especially.
And another thing is that you will need to change text of your programm when you assign a new password for root.