Find the answer to your Linux question:
Results 1 to 10 of 10
I'm trying to run a perl script on my webserver that will add a new user using the code: Code: system("sudo /usr/sbin/useradd $username"); Except it keeps throwing errors. It always ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2008
    Posts
    6

    Apache and sudo


    I'm trying to run a perl script on my webserver that will add a new user using the code:

    Code:
    system("sudo /usr/sbin/useradd $username");
    Except it keeps throwing errors. It always exits with an exit status of 1.

    I'm pretty sure it's not a syntax problem. I've got chmod 777 on useradd, as well as allowing everyone to run it without a password in my sudoers. I already posted this problem here:

    Bad file descriptor on system() call - CodingForums.com

    and thanks to the info I got there I figure it either has to do with environment variables and what sudo does with them, or for some reason useradd not being able to write the passwd file. Would anyone know anything about this?

  2. #2
    Just Joined!
    Join Date
    Nov 2008
    Posts
    6
    I've narrowed down the culprit to sudo. Apache can't execute sudo commands. I have the line:

    Code:
    apache  ALL=(ALL)       NOPASSWD:ALL
    In my sudoers, so there shouldn't be any problems at all. Any ideas?

  3. #3
    Linux User
    Join Date
    May 2008
    Location
    NYC, moved from KS & MO
    Posts
    251
    What's the uid that runs the web service? Check httpd.conf or uid.conf (if any) for setting User.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Nov 2008
    Posts
    6
    I have:

    User apache
    Group apache

    in my httpd.conf. There is a user (UID:48 ) and group named apache, and the webserver works fine in terms of spitting out webpages, so I don't think there's any problem there. Maybe there's something I'm missing though :-/

  6. #5
    Linux User
    Join Date
    May 2008
    Location
    NYC, moved from KS & MO
    Posts
    251
    All you need is to change
    system("sudo /usr/sbin/useradd $username");
    into
    system("/usr/sbin/useradd $username");

    The reason for this is apache is not in the wheel group (most likely) hence you cannot sudo from this user.

    And also you don't really need to give too much privileges to the apache user, so I would suggest to change the line
    apache ALL=(ALL) NOPASSWD:ALL
    into
    apache ALL=NOPASSWD: /usr/sbin/useradd
    which grants only the adding user privilege to user apache.

  7. #6
    Just Joined!
    Join Date
    Nov 2008
    Posts
    6
    Yeah, I was gonna narrow down apache's privleges once I figured out what was wrong. When I try the system call without the sudo it doesn't work, giving an exit status of 1. The useradd man page says that an exit status of 1 means that it couldn't update the password file. Is there any way I can figure out why not?

    I don't think it's because apache isn't in the wheel group. The only user in that group for me is root, my normal account (God) isn't. Instead I have the line:
    God ALL=(ALL) ALL
    in my sudoers and it works fine.

    When I try the system call with sudo the exit status is also 1. Sudo's man page says this about an exit status of 1:

    "Otherwise, sudo quits with an exit value of 1 if there is a configuration/permission problem or if sudo cannot execute the given command. In the latter case the error string is printed to stderr."

    How can I read from stderr? I tried $blah = <STDERR>, but it didn't do anything.

    I realize I haven't really given any system specs for my computer. I'm running Fedora Core 8, kernel 2.6.26.5-28.fc8.

  8. #7
    Linux User
    Join Date
    May 2008
    Location
    NYC, moved from KS & MO
    Posts
    251
    Actually I was wrong about the sudo thing,
    you code is the correct way:
    system("sudo /usr/sbin/useradd $username");

    I tried the exact command on OpenSuSE by opening a php page
    <?php
    user="abcde"
    system("sudo /usr/sbin/useradd $user",$ret);
    echo "return value $ret";
    ?>
    and I got the user abcde added correctly and a return value of 0.
    I have
    wwwrun ALL=NOPASSWD:/usr/sbin/useradd
    in /etc/sudoers
    wwwrun is uid in apache on SuSE

    I've never used fedora but according to this thread:
    How To Add user in Fedora Core 4 using the Command Line Interface - LinuxQuestions.org
    Maybe only root can run the useradd command.

  9. #8
    Just Joined!
    Join Date
    Nov 2008
    Posts
    6
    Doesn't sudo run the command as root though? Would my environment variables have anything to do with it?

    If all else fails, can I "trick" useradd into thinking apache is root in some way (I thought that's what sudo did, actually)?

    Thanks for your help so far, by the way, I do appreciate it.

  10. #9
    Linux User
    Join Date
    May 2008
    Location
    NYC, moved from KS & MO
    Posts
    251
    Is selinux enabled in /etc/selinux.conf? If so you should disable it and try again.

  11. #10
    Just Joined!
    Join Date
    Nov 2008
    Posts
    6
    In fedora "config" file is located in /etc/selinux, but I'm pretty sure it amounts to the same thing. Yes, selinux was disabled.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •