This is a short tutorial on how to add a new user to a Linux operating system using Apache and PHP.
First, you should have your own Apache server in a Linux environment. Root access is also necessary, since only root can make changes to the system.
There are many ways to do this, and I'm sure there may be better and more secure code to solve this kind of problem. Anyway, I'm proposing a solution to let people think about it and develop their own ideas.
Linux Part
___________________________________________________________
In my case, the Apache service runs as user "apache" from the group "apache". It's not a good idea to run Apache as root, because everybody accessing your web server could then have lots of privileges.
The main idea is to let the apache user do a few small things as if it were root. To do so, we use the sudo command.
So let's imagine that we are working in directory /var/www/:
total 40
drwxr-xr-x .
drwxr-xr-x ..
drwxr-xr-x cgi-bin
drwxr-xr-x error
drwxr-xr-x html
drwxr-xr-x icons
drwxr-xr-x manual
drwxr-xr-x users
Inside the html subdirectory we have our server's web pages, and inside the users subdirectory all the HTML pages of our users on the server.
We are going to create a bash file called newuser inside cgi-bin that will:
Create a user, which implies creating their home directory.
Create their own /var/www/users/<user_login> directory, where they upload their web page.
Create a symbolic link called www inside their /home/<user_login> directory that points to the real web directory /var/www/users/<user_login>.
The code for this bash file will be something like:
sudo /usr/sbin/useradd "$1" -g invitado -n -c "$2" -s /bin/sh -p "$3"
sudo /bin/mkdir "/var/www/users/$1"
sudo /bin/ln -s "/var/www/users/$1" "/home/$1/www"
sudo /bin/chown -R "$1" "/var/www/users/$1"
Usage:
newuser <login> <full_name> <crypted_pwd>
Let's explain the code:
The first line adds a user with the login, full name and password passed on the command line. The home directory option is not used because the default directory suits us.
The second line creates the user's personal web directory.
The third line creates a symbolic link to this directory in the user's home.
The last line changes the owner of the user's personal web directory to the new user. This is needed because the directory belongs to root when we create it, so the user could not change or add any file if we did not change the owner afterwards.
Sudo: the sudo command performs an action as another user. It stands for (Super User DO) and its use is as follows:
If we don't specify the <user>, the action is done as if we were root. Obviously it can't be used by just anyone to perform any action: we need to specify the allowed users and the allowed actions. The actions we need are reserved to root, so we have to let our apache user use them. To do this we have to update the sudoers file, which can be found in /etc/sudoers.
It's recommended to use the visudo command. It edits our sudoers file and checks it for mistakes. Our sudoers file should look like:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
apache ALL=NOPASSWD:/usr/sbin/useradd, \
/bin/mkdir, /bin/ln, /bin/chown
Here we tell the sudo command that the apache user is allowed to use useradd, mkdir, ln and chown without typing any password, from ALL computers, as if it were root.
The \ continues the rule on a new line.
We should specify the full path to every command, because the user probably won't have the path to these commands set in its environment.
PHP Part
____________________________________________________
The PHP part is the simplest part. We only need to call this bash file, passing the correct arguments. To do this, we create a PHP file with this simple code.
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="newuser.php">
<p>Login:
<input name="login" type="text" id="login">
</p>
<p>Nombre Completo:
<input name="nombre" type="text" id="nombre">
</p>
<p>Password:
<input name="pwd" type="password" id="pwd">
</p>
<p>
<input type="submit" name="Submit" value="Crear">
</p>
</form>
</body>
</html>
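<?php
if (isset($_POST['login'])) {
    // Quote each value so the shell receives it as exactly one argument.
    $login = escapeshellarg($_POST['login']);
    $nombre = escapeshellarg($_POST['nombre']);
    // crypt() needs an explicit salt; "$6$" selects SHA-512 crypt.
    $salt = '$6$' . bin2hex(random_bytes(8)) . '$';
    $passwd_crypt = escapeshellarg(crypt($_POST['pwd'], $salt));
    $res = `bash /var/www/cgi-bin/newuser $login $nombre $passwd_crypt`;
    echo "<br><br>Usuario creado";
}
?>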
We are using the `` operator from PHP to execute our bash file, passing it the needed arguments. It's important to take care with ' ' and " " characters, which will break the command given to the `` operator.
We could have used the exec or the system function from PHP, because they are also available. There's no specific reason why we used the `` operator.
Future considerations
_________________________________________________
We have presented a simple solution; there may be others, and they may well be better.
This solution pays little attention to security. It would be interesting to evaluate the risk of giving the apache user those privileges: the sudoers rule above does not restrict the arguments, so any code running as apache can run useradd, mkdir, ln and chown as root on any path.
It's strictly recommended to check the variables passed to the bash file. This can be done from PHP: for example, not passing empty variables and requiring a correct and secure password.
There's no way to know from Internet Explorer whether the operation performed by the bash file succeeded or not. It would be interesting to modify the bash file so that it returns a value that we can interpret from PHP, to let the client know if there has been any problem.
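One way to do both things suggested above (check the arguments, and return a status PHP can read), as an added example that is not the author's script. It assumes the script is installed root-owned at the hypothetical path /usr/local/sbin/newuser and is the only command apache may run through sudo, that useradd creates /home/<login> by default as on the author's system, and that the exit codes are this example's own convention.

```shell
#!/bin/sh
# Added example, not the author's script: validating replacement for newuser.
# Assumed install (hypothetical path): root-owned /usr/local/sbin/newuser,
# with one sudoers rule replacing the four commands:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/newuser
# Exit codes (this example's convention): 0 ok, 64 usage, 2 bad login,
# 3 bad name, 4 bad hash, 5 already exists, 6 a command failed.
LC_ALL=C; export LC_ALL
WEBROOT=/var/www/users

valid_login() {
    # a-z first, then a-z 0-9 _ -; no '/', '.', spaces or shell characters,
    # so "$WEBROOT/$1" can never point outside WEBROOT
    case $1 in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

valid_name() {
    # passwd comment field: reject ':' (field separator) and control chars
    case $1 in ''|*:*|*[[:cntrl:]]*) return 1 ;; esac
}

valid_hash() {
    # only the characters a crypt() hash is made of
    case $1 in ''|*[!A-Za-z0-9./=$]*) return 1 ;; esac
}

newuser() {
    [ "$#" -eq 3 ] || return 64
    valid_login "$1" || return 2
    valid_name  "$2" || return 3
    valid_hash  "$3" || return 4
    # Refuse to touch an existing account or an existing web directory.
    if id "$1" >/dev/null 2>&1 || [ -e "$WEBROOT/$1" ]; then return 5; fi
    # -n from the page is left out; it is specific to older Red Hat useradd.
    /usr/sbin/useradd -g invitado -c "$2" -s /bin/sh -p "$3" "$1" &&
    /bin/mkdir "$WEBROOT/$1" &&
    /bin/chown "$1" "$WEBROOT/$1" &&
    /bin/ln -s "$WEBROOT/$1" "/home/$1/www" || return 6
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then newuser "$@"; exit $?; fi
```

From PHP, exec() returns this exit status through its third argument, so the page can tell the client which check failed instead of always printing "Usuario creado".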
That's all. I hope you enjoyed it.
Xavi Gonzalvo