Find the answer to your Linux question:
Results 1 to 3 of 3
Today I got my mail server setup with Postfix+Procmail+Courier-IMAP on my Arch test system and it's working great. It uses local UNIX users with Maildir format. I even setup access ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie Nagarjuna's Avatar
    Join Date
    Feb 2011
    Posts
    122

    [SOLVED] Crafting PHP Script to Create UNIX User


    Today I got my mail server setup with Postfix+Procmail+Courier-IMAP on my Arch test system and it's working great. It uses local UNIX users with Maildir format. I even setup access to it with Squirrel-Mail.

    For kicks, I'm trying to make a simple web-interface one could access via a browser to create a UNIX mail user on the server. So far, I have a file called "create_user.html" which simply receives user input through html-fields, asking for a new username and password. It then outputs the results to a file called "create_user.php" which then tries to create the user. Both of these files are located in a folder called "sign_up" in the httpd root, '/srv/http/'

    create_user.html
    Code:
    <html>
    <body>
    
    <form action="/sign_up/create_user.php" method="post">
    Username: <input type="text" name="username" /><br />
    Password: <input type="text" name="password" />
    <input type="submit" />
    </form>
    
    </body>
    </html>
    create_user.php
    Code:
    <html>
    <body>
    
    Your username is: <?php echo $_POST["username"]; ?><br />
    Your password is: <?php echo $_POST["password"]; ?><br />
    
    <?php exec("adduser -u $_POST["username"] -p $_POST["password"] -g users -s /bin/bash", $results); ?>
    
    </body>
    </html>
    I realize there should be a permission issue with the above scripts. I'm not sure if this would resolve that, but I set the permissions for these files like so:

    Code:
    /srv/http/sign_up
    drwxrwxrwx  3 http http 4096 Mar  6 16:29 .
    drwxr-xr-x  9 http http 4096 Mar  6 15:22 ..
    -rwsr-x---  1 root http  286 Mar  6 15:34 create_user.html
    -rwsr-x---  1 root http  252 Mar  6 16:08 create_user.php
    -rwsr-x---  1 root http  536 Mar  6 15:58 create_user.sh
    As you can see, I set the SUID on all the scripts. At the moment, security isn't a huge factor. This is all for testing purposes and won't be up permanently.

    So, when I access the scripts (http://domain.com/sign_up/create_user.php), I can enter in my username+password into the respective fields, but when I submit, I get a generic error from my browser:

    Code:
    Server error
    The website encountered an error while retrieving http://domain.com/sign_up/create_user.php. It may be down for maintenance or configured incorrectly.
    
    HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.
    By the way, I'm really not too familiar with PHP. I've just been using Google to figure things out thus far, so if my code is nasty looking, that is why

    It'd be awesome if someone could point me in the right direction here. Just let me know if you need anymore information!

    Thanks.
    Last edited by Nagarjuna; 03-06-2011 at 10:05 PM.

  2. #2
    Linux Newbie Nagarjuna's Avatar
    Join Date
    Feb 2011
    Posts
    122
    Ok, I've made some changes that put me either one step forward, or one step backwards..

    I've edited the create_user.php file so that it puts the entered username and password into variables, and then passes them to a BASH script called create_user.sh which then tries to create the user:

    create_user.php
    Code:
    <html>
    <body>
    
    Your username is: <?php echo $_POST['username']; ?><br />
    Your password is: <?php echo $_POST['password']; ?><br />
    
    <?php
    $_REQUEST['username']; 
    $_REQUEST['password']; 
    import_request_variables('p', 'p_'); 
    
    system("./create_user.sh $p_username"); 
    system("./create_user.sh $p_password"); 
    exec("./create_user.sh", $results); 
    ?>
    
    </body>
    </html>
    create_user.sh
    Code:
    #!/bin/bash
    
    NAME=$1
    PASS=$2
    
    echo "Creating user: " $NAME
    echo "With password: " $PASS
    adduser -u $NAME -p $PASS -g users -s /bin/bash
    Now, when I access create_user.html and enter in a username and password, it looks like it attempts to setup the user, but it errors out:

    Code:
    Your username is: test
    Your password is: password
    Creating user: test 
    With password: password
    Login name for new user: -u New account will be created as follows: --------------------------------------- 
    Login name.......: -u 
    UID..............: [ Next available ] 
    Initial group....: users 
    Additional groups: [ None ] 
    Home directory...: /home/-u 
    Shell............: /bin/bash 
    Expiry date......: [ Never ] 
    This is it... if you want to bail out, hit Control-C. Otherwise, press ENTER to go ahead and make the account. 
    Creating new account... - Error running useradd command -- account not created! (cmd: /usr/sbin/useradd -d /home/-u -m -g users -s /bin/bash -u)
    The first thing I notice in the above error message is that when used by the adduser command, it is displaying the $USER variable as '-u' which I'm not sure is normal. This leads me to believe that my scripting is wrong. However, I find it strange that when the script echo's the variables, the expected contents are displayed.

    The only other thing I can think of is it being a permission error. The adduser error is very vague, so I checked some common logs to see if I can find out anything.. Unfortunately, I couldn't find any logs related to that command.

    Does anyone have an idea about what I'm doing wrong?
    Last edited by Nagarjuna; 03-06-2011 at 10:29 PM.

  3. #3
    Linux Newbie Nagarjuna's Avatar
    Join Date
    Feb 2011
    Posts
    122
    I finally got the script working. I found a nice little guide on doing just what I was trying to do located at Code Examples -> Add a linux user from php, however I had to make a few small changes to the script after words to get it working:

    First is set some permissions for the 'http' user using the visudo command:

    Code:
    http ALL=NOPASSWD:/usr/sbin/useradd,/bin/mkdir,/bin/ln,/bin/chown,/bin/cp,/bin/sed
    This gives http the permission to use sudo without a password and only be able to use the above commands.

    Then I created the BASH script that will create my user and setup mail directories. I'll paste only the part for adding users for simplicity:

    Code:
    # Create UNIX User
    sudo /usr/sbin/useradd $1 -g users -c "$2" -d /home/$1 -s /bin/bash -p $3 
    sudo /bin/mkdir /home/$1
    sudo /bin/mkdir /srv/http/users/$1 
    sudo /bin/ln -s /srv/http/users/$1 /home/$1/http 
    
    # Set Ownership
    sudo /bin/chown -R $1:users /home/$1
    sudo /bin/chown -R $1:users /srv/http/users/$1
    For what ever reason, I couldn't get useradd to automatically create the home directory, so I just created a section, so I had to make it using the mkdir command. Anyone know why this is?

    I then created the php script that will get the users input and pass it to the BASH script:

    Code:
    <html> 
    <head> 
    <title>New UNIX User @ tristanevans.net</title> 
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
    </head> 
    <body> 
    <form name="form1" method="post" action="newuser.php"> 
    <p>Login:<br /> 
    <input name="login" type="text" id="login"><br />
    </p> 
    <p>Full Name:<br />
    <input name="name" type="text" id="name"><br /> 
    </p> 
    <p>Password:<br />
    <input name="pwd" type="password" id="pwd"><br /> 
    </p> 
    <p> 
    <input type="submit" name="Submit" value="Create"> 
    </p> 
    </form> 
    </body> 
    </html>
    
    <?php 
    if (isset($_POST['login'])) { 
    $login=$_POST['login']; 
    $nombre=$_POST['name']; 
    $passwd_crypt=crypt($_POST['pwd']); 
    
    $res=`bash /srv/http/cgi-bin/newuser.sh $login "$name" '$passwd_crypt'`; 
    echo "<br><br>User Created"; 
    } 
    ?>
    And that's all there is to it! It's quite insecure, but it's much more safe than what I was getting at before. I don't know if I would recommend it on a 'serious' server.

    If you have any questions or tips on improving this, feel free to share

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •