Geek Answers Handbook

Create linux user using php?

I am currently working on creating a member system for my FTP server for close friends that I want to have access to the server, however the FTP server I use (proFTPd) uses Linux users as each member account, therefore I need to use an html form with php, of course, which will have access to the server and be able to create a user on the system.

Now I have a form that is fully customizable with its validating username / username / password and storing it in my sql database. The only thing I am missing is to create a new user to finish it.

I know that this is not always the safest thing, but I really want to do this, and I know the dangers, so any help would be nice ...

As of now, from what I always used to create a user on linux (or my version of Ubuntu atleast), this is:

useradd [username] -p [password] -d [/path_to_home_directory] -s [/bin/false]

without brackets, of course.

I also know php commands: shell_exec, exec, system () However, I tried each of them with a line to create a user in it, and nothing works.

I did a bit more research and noticed that the web server is running on www-data (what it should be) and it does not have access to the useradd command. Therefore, I "viduso" him and still have not changed.

From what I saw, I can provide access to www data to the script on the server, which then creates the user as root, but I do not know how to transfer the variables stored in php to the script.

If you need more information to help just ask. This is the last thing I need to complete my last 2-month project, which includes a desktop application and all that. It is so close, but I cannot understand it.

+4
source share
5 answers

You should not create a Unix user account for the FTP service. To use authentication (store an account in MySQL), you must integrate your proFTP server to use MySQL , so in this case you do not need to create a Unix account, and this would be a much better and safe solution:

proFTP with MySQL

+3
source

You can set the setuid bit to useradd , so it works with root permissions (for example). But note: THIS IS A VERY RISK . This will allow any user on the server to create users.

Anyway, I think this is a security hole to create a web php script to create accounts!

+2
source

Just notice. When using control panel types, you sometimes have to perform actions with root privileges. I found that the best ways to do this is to start the PHP control panel without any elevated privileges. It is quite difficult to make a properly secure PHP web application, since it does not expose the host system to vulnerabilities.

If the control panel needs to make changes that require root access or any level of access above the web server user, it is better to store information about changes that should be made somewhere where the web server user has normal access to - in the database or by creating text file somewhere web user can write files. Normal sanitation can take place for data provided by the user before the information is saved.

Then run a cron script every minute, or hour, or something else suitable for a case like root, take the data from where it is stored, and perform the required action. You can also perform health checks in this script.

+1
source

I think the safest way to do this is to set the web server user to sudoer only for commands that start with useradd or adduser regardless of your distribution. Therefore, you do not need to make your web user as root.

0
source

The script will be like this:

 <?php $user_name = "uuttyy"; $user_pass = "passwer9911"; $ret_useradd = 0; $ret_passwd = 0; passthru('useradd -m '.$user_name, $ret_useradd); if ($ret_useradd) { printf("Something wrong with useradd, code: %d\n", $ret_useradd); exit(); } passthru('echo "'.$user_name.':'.$user_pass.'" | chpasswd', $ret_passwd); if ($ret_passwd) { printf("Something wrong with chpasswd, code: %d\n", $ret_passwd); echo exec('userdel '.$user_name); exit(); } printf("All done!\n"); ?>

But the correct answer is not to do this, he has security problems! Configure (or change) your FTP server to use user databases and add users to this database. As Satish says, proftpd + mariadb (mariadb is the best mysql fork) is good for this

-1
source

More articles:


All Articles