0

I'm creating an internal tool that needs a bit of cpanel/webmin type functionality, but this isn't a situation where I could use one of those

Right now I need to be able to create linux users, groups, and directories via PHP. Here's what I have right now:

copies of useradd/groupadd/chpasswd in a user's /bin, SUID'd by root. the permissions are setup so only root and a specific group can access them (the group that the user is in).

If I run this from command line it works fine, but I was hoping to use suexec to access these, but it seems as if PHP won't work with suexec unless I run it through CGI which I don't really wanna do.

I could also allow wwwrun to access these SUID'd binaries but that seems a little insecure to me.

What is my next step here? Thanks!

Lowgain
  • 237
  • 1
  • 2
  • 7

1 Answers1

2

This is a bad idea. Use PAM to move the authdb into something like a database where you don't need to invoke system tools in order to make changes.

Ignacio Vazquez-Abrams
  • 45,019
  • 5
  • 78
  • 84
  • could you give me any links to put me in the right direction on something like this? – Lowgain Nov 28 '10 at 05:50
  • would PAM be used to allow users ftp/ssh access of specific directories, or would it be used to allow PHP to create users for that? – Lowgain Nov 28 '10 at 21:38