cron adduser

Hi,

creating a .php containing


and called by cron as root does not create a user.


What can i change to make it work??

thx for idears.

Re: cron adduser

In article <46cd9980$0$416$426a74cc@news.free.fr>,
Séverin Richard wrote:

> Hi,
>
> creating a .php containing
>
>
> and called by cron as root does not create a user.
>
>
> What can i change to make it work??

wouaaaa.
That's looks like the worst idea ever to me.
I see 3 problems here :

you should not allow php to run exec.
you can't call a command requiring root privileges from apache
if you want to create users automatically, you must keep everything out
of reach of remote users.

I don't know what brainstorming yielded to your cron/php thing, but be
sure it's a very bad idea.

patpro

--
http://www.patpro.net/

Re: cron adduser

FIRST:
root privilege do not allow users to call the php script:
http://themachine/thesecretpass/myphpEXEC.php
returns "NOT ALLOWED gid unsificient..etc"...

SECOND:
the phpscript makes a database query and implements users that had
allready suscribe the site, and are waiting for confimation.

No other user may be added here.
all Strings concerning users are escaped with all no alphanumeric
characteres.
$secureSTR = ereg( "[^0-9a-zA-Z]","", rowsquerySrt );


THIRD:
I have to create user dynamicaly...

>>creating a .php containing
>>
>>
>>and called by cron as root does not create a user.
>>
>>
>>What can i change to make it work??



Who can help??





patpro ~ Patrick Proniewski wrote:
> In article <46cd9980$0$416$426a74cc@news.free.fr>,
> Séverin Richard wrote:
>
>
>>Hi,
>>
>>creating a .php containing
>>
>>
>>and called by cron as root does not create a user.
>>
>>
>>What can i change to make it work??
>
>
> wouaaaa.
> That's looks like the worst idea ever to me.
> I see 3 problems here :
>
> you should not allow php to run exec.
> you can't call a command requiring root privileges from apache
> if you want to create users automatically, you must keep everything out
> of reach of remote users.
>
> I don't know what brainstorming yielded to your cron/php thing, but be
> sure it's a very bad idea.
>
> patpro
>

Re: cron adduser

"Séverin Richard" wrote in message
news:46cd9980$0$416$426a74cc@news.free.fr...
> Hi,
>
> creating a .php containing
>
>
> and called by cron as root does not create a user.

If it didn't work, then surely you'll have some errors - cron output
generally gets emailed somewhere (and this output will probably tell you why
it didn't work)

> What can i change to make it work??

you'll probably find that cron doesn't have the same path as your logged in
user and you'll need to do:

Re: cron adduser

Tanks Phantom for ur answer.

In fact i make a log file for output.

fwrite( $log , exec( "whoami" ))

works and returns root.

BUT !!!

useradd needs effectively to be called by real path !!!!!!!!!!!!!!!!!

thxthxthx...




phantom wrote:
> "Séverin Richard" wrote in message
> news:46cd9980$0$416$426a74cc@news.free.fr...
>
>>Hi,
>>
>>creating a .php containing
>>
>>
>>and called by cron as root does not create a user.
>
>
> If it didn't work, then surely you'll have some errors - cron output
> generally gets emailed somewhere (and this output will probably tell you why
> it didn't work)
>
>
>>What can i change to make it work??
>
>
> you'll probably find that cron doesn't have the same path as your logged in
> user and you'll need to do:
>
>
>

Re: cron adduser

On Aug 23, 4:28 pm, S=E9verin Richard wrote:
> Hi,
>
> creating a .php containing
>
>
> and called by cron as root does not create a user.
>
> What can i change to make it work??
>
> thx for idears.

Instead of creating system users dynamically that way, I would :

1- replace your php file with an other one that simply writes the
username I want to create in a temporary text file thata remotely
called php script can access ..
2- add a cron that periodically runs a shell script as root that,
checks wheter the temporary file contain some users to add, add users
if ever there are users to add and empty the file/comment the line
containing the user that's bee already added ..

This seems to me much more clean than using php exec() ...