#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    3
    Rep Power
    0
    I have a form where a user enters values to create a user on a server. I need to be able to execute the Useradd command but I can't. Is there a way of logging in the server using CGI and then executing the command?

    Thank you ,

    Pericles Cheng
  2. #2
  3. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    19
    Rep Power
    0
    Defining of cgi_user for priveleged user will be a hole in security of your net.
    You can write UNIX-shell or perl script with required procedures that will read thru a 'loop' some directory. This script could be run by priveleged user.

    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by pcheng:
    I have a form where a user enters values to create a user on a server. I need to be able to execute the Useradd command but I can't. Is there a way of logging in the server using CGI and then executing the command?

    Thank you ,

    Pericles Cheng
    [/quote]

  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    3
    Rep Power
    0
    Is there a way that a user could log in the server using a username and password (something like telnet, but through cgi)? That way the user must know the username and password to access the files needed by the program. I found something that might be of help but I am not sure how to implement it. That is the SETUID command but it takes a lot of configuring.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    300
    Rep Power
    15
    Well, as far as my UNIX knowledge goes, setuid is the only thing you can do to make this work. Reading a man page for the command should get you on the right track.
  8. #5
  9. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>Is there a way of logging in the server using CGI and
    >>then executing the command?

    Yes, run Apache as 'root', which is not a wise thing to do.

    >>That is the SETUID command but it takes a lot of configuring.

    setuid or cgiwrap doesn't enable your users to run ANY system commands.

    >>something like telnet, but through cgi
    Yes, download-> http://www.perl.com/CPAN-local/modul...et-3.02.tar.gz
    Read->http://www.perl.com/CPAN-local/modules/by-module/Net/Net-Telnet-3.02.readme

    Pericles, Even you trust those users, what you are trying to do is opening your server for potential attacks.

    [This message has been edited by freebsd (edited June 27, 2000).]
  10. #6
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Location
    Southern California
    Posts
    73
    Rep Power
    15
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by pcheng:
    I have a form where a user enters values to create a user on a server. I need to be able to execute the Useradd command but I can't[/quote]

    You should split this process into two actions. Have your CGI form handler insert the info into a DBM file or SQL database, then write a cron job that runs every five minutes, running as root, put the database info into the system using 'pw' or the equivalent on your system.

  12. #7
  13. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    3
    Rep Power
    0
    Thank you all for your help. I finally made it by using the Net::Telnet module and telneting to the machine. This gave me the option of logging in as super user and performing the tasks I needed.

    Once again thank you for all your help.
  14. #8
  15. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    19
    Rep Power
    0
    It isn't a good idea to store not encrypted password for root in general and in the public catalog especially.
    And another thing is that you will need to change text of your programm when you assign a new password for root.

IMN logo majestic logo threadwatch logo seochat tools logo