initially问了一个问题有关如何通过该执行服务器端的PHP脚本的HTML页面创建通过HTML Linux用户(主要是用户注册这或多或少的问题命令 shell_execute(用户的adduser )。但是,从那时起,我已经认识到这个问题与Apache用户做的。
默认的Apache用户是www数据。这工作得很好大部分的时间,你可以指定文件或文件夹无论是www数据的用户,或WWW的数据组。但是,当你需要的root访问权限就复杂的问题。要创建新的Linux用户,我第一次尝试这样的事情
了shell_exec(SSH -v根@ $服务器\\useradd的--password`回声\\$密码\\| makepasswd --clearfrom = - --crypt-MD5 | awk的{打印$ 2}'`-m $用户名\\);即使我公开/私有密钥,允许用户从WWW的数据,以根密码的条目,我不知道到底哪里把这些键。看来WWW的数据没有主文件夹。 PHP的命令了shell_exec(回声$ HOME)或了shell_exec(回声$ USER)返回空/空串。但是,命令了shell_exec(WHOAMI)正确返回WWW的日期。我尝试过其他方法来发现主文件夹,如了shell_exec(CD〜),但是,导致错误。有没有找出一些办法,其中SSH搜索,每个用户,寻找公钥/私钥的时候?到目前为止我试过 /家庭/ www数据/的.ssh / 和/var/www/.ssh 。
另外,我试过
了shell_exec(回声超级用户口令|须藤useradd的-S'--password回声\\输入mypassword \\| makepasswd --clearfrom = - --crypt-MD5 | awk的'{$打印2 }'`-m罗洛);但是,抱怨说,超级用户口令我用不正确。看来用户WWW的数据有不同的root密码!事实上,我甚至不知道它的密码是什么。
有人能引导我在正确的方向,我怎么能解决这个问题。我需要能够为每个注册新的人创建的Linux用户。
感谢
解决方案shell_execute(用户的adduser)
这是可怕的,糟糕的,危险的。
了shell_exec(SSH -v根@ $服务器
OMG! - 这是更糟糕
看来WWW的数据没有主文件夹
真的吗?什么让你有那个想法?然而,问题是没有实际意义,因为,除非你是设置一个蜜罐允许根SSH访问不是解决问题的办法。
假设你真的,真的需要从网络服务器,创建用户要做到这一点是正确的方式:
另外,设置为通过[X]的inetd其内容的共享秘密,并从标准输入用户名和运行的adduser作为root,限制对本地主机连接的脚本,并设置你的PHP脚本通过套接字这一沟通。
I initially asked a question about how to create linux users via HTML (essentially the user registers via an HTML page which executes a server side PHP script which more or less issues the command shell_execute("adduser user"). But, since then, I have come to realize that the problem has to do with the Apache user.
The default apache user is www-data. This works fine most of the time, as you can assign files or folders to either the www-data user, or the www-data group. However, it complicates issues when you need root access. To create new linux users, I first tried something like this
shell_exec("ssh -v root@$server \"useradd --password `echo \"$password\" | makepasswd --clearfrom=- --crypt-md5 |awk '{ print $2 }'` -m $username\" ");Even if I made public/private keys to allow passwordless entry from user www-data to root, I don't exactly know where to put these keys. It appears www-data has no home folder. The php command shell_exec("echo $HOME") or shell_exec("echo $USER") returns null/empty string. However, the command "shell_exec("whoami")correctly returns www-date. I tried other ways to discover the home folder, such asshell_exec("cd ~"), however, that caused an error. Is there some way of finding out where ssh searches, per user, when looking for public/private keys? I have so far tried/home/www-data/.ssh/and /var/www/.ssh.
Alternatively, I tried
shell_exec("echo root_password | sudo -S useradd --password `echo \"mypassword\" | makepasswd --clearfrom=- --crypt-md5 |awk '{ print $2 }'` -m rolo ");But that complains that the root_password I used is incorrect. It appears user www-data has a different root password! In fact, I don't even know what its password is.
Can someone steer me in the right direction as to how I can resolve this issue. I need to be able to create linux users for every new person that registers.
Thanks
解决方案shell_execute("adduser user")
This is scary, bad, dangerous
shell_exec("ssh -v root@$server
OMG - that's even worse!
It appears www-data has no home folder
really? What makes you think that? However the question is moot since, unless you are setting up a honeypot allowing root ssh access is not the way to solve the problem.
Assuming that you really, really need to create users from the webserver, the right way to do this would be:
Alternatively, set up a script via [x]inetd which reads a shared secret and a username from stdin and runs adduser as root, restrict connections to localhost and set up your PHP script to communicate with this via sockets.
更多推荐
Apache2的权限问题
发布评论