- Join Date
- Jul 2013
Create User Shell Script - Can apache use useradd?
USERNAME=$1
DIR=$2
RAND=$3
if [ "$RAND" = "" ]
then
    RAND=`/var/www/system/bin/rand.sh`
fi
PASS=`/var/www/system/bin/crypt.sh $RAND`
echo "---User"
echo $USERNAME
echo $RAND
echo $PASS
echo $DIR
echo "---"
/usr/sbin/useradd $USERNAME -p $PASS -d $DIR
What can I do to allow apache to run this command?
If it helps to know how this is called it starts from a function call in php-
function create_template($tplName, $tplPath)
{
    $pass = randString(20);
    `/var/www/system/bin/init_template.sh $tplPath $pass`;
}
TEMPLATE=$1
PASS=$2
PATH="/var/www/templates/"
echo $PATH$TEMPLATE
if [ -d "$PATH$TEMPLATE" ]; then
    echo "Template appears to exist. Canceling";
else
    echo "Creating Directory $TEMPLATE";
    /bin/mkdir $PATH$TEMPLATE/
    /bin/mkdir $PATH$TEMPLATE/common/
    /bin/mkdir $PATH$TEMPLATE/common/images
    /bin/mkdir $PATH$TEMPLATE/common/styles
    /bin/mkdir $PATH$TEMPLATE/common/scripts
    echo "Template Created At $PATH$TEMPLATE" >> /var/www/system/log/tpl.log
    /bin/chown -R apache.apache $PATH$TEMPLATE
    /var/www/system/bin/create_user.sh "$TEMPLATE" "/var/www/templates/$TEMPLATE" "$PASS" >> /var/www/system/log/tpl.log
fi
There are security issues with the above code but don't mind that right now- I'm just trying to get this to work first.
Also I don't know why I need to call commands from their absolute path (ex: /bin/mkdir). I don't know if that's related but I haven't really looked into that either.
- Join Date
- Dec 2009
Yes, it is as you guessed. The apache user doesn't have permissions to run useradd.
You have a bunch of options here.
1) Add the apache account to the sudoers file to allow apache to run useradd without specifying a password, then change your script to have it invoke "sudo useradd" instead of useradd.
2) Have apache write the information to a file, then have a cron script that runs periodically as root which reads the file and invokes useradd.
3) Configure Linux to authenticate to LDAP, then have apache invoke ldapadd instead.
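
As an added example (not from either poster), the root-side script for option 2 can validate each queued request before it calls useradd, since the queue file is writable by the web tier. The same validate_request function fits a root-owned wrapper that the sudoers entry in option 1 names instead of useradd itself. The "user:dir:hash" queue format, TEMPLATE_ROOT and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Root-side half of option 2: a cron job
# that drains a queue file the web tier appends "user:dir:hash" lines to.
# All paths and names here are assumptions.
LC_ALL=C; export LC_ALL
# Named TEMPLATE_ROOT, not PATH: assigning to PATH replaces the command search path.
TEMPLATE_ROOT="/var/www/templates"
USERADD="${USERADD:-/usr/sbin/useradd}"   # overridable for a dry run

# Return 0 only when all three fields are safe to pass to useradd.
validate_request() {
    v_user=$1 v_dir=$2 v_hash=$3
    case "$v_user" in
        ""|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;   # also rules out a leading '-'
    esac
    [ "${#v_user}" -le 32 ] || return 1
    # Home must be exactly TEMPLATE_ROOT/<user>; nothing else on the filesystem.
    [ "$v_dir" = "$TEMPLATE_ROOT/$v_user" ] || return 1
    # useradd -p takes a crypt(3) hash ($id$salt$hash), never a plaintext password.
    case "$v_hash" in
        *[!\$./A-Za-z0-9=,]*) return 1 ;;        # whitespace, ':' or '-' rejects
        \$[0-9a-z]*\$?*\$?*) ;;
        *) return 1 ;;
    esac
    # Refuse to touch an account that already exists (root, apache, ...).
    if id -u "$v_user" >/dev/null 2>&1; then return 1; fi
    return 0
}

# Process every queued line; sets CREATED and REJECTED for the caller to log.
process_queue() {
    CREATED=0 REJECTED=0
    while IFS=: read -r q_user q_dir q_hash; do
        if validate_request "$q_user" "$q_dir" "$q_hash" &&
           "$USERADD" -d "$q_dir" -p "$q_hash" "$q_user" </dev/null; then
            CREATED=$((CREATED + 1))
        else
            REJECTED=$((REJECTED + 1))
        fi
    done < "$1"
    return 0
}
```

Setting USERADD=true runs the validation against a queue file without creating any accounts.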