0

I have this PHP code

<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);



if(!empty($_GET) && !empty($_GET['user']) && !empty($_GET['mem']) && !empty($_GET['id']) &&!empty($_GET['k'])) {
    $user = $_GET['user'];
    $mem = $_GET['mem'];
    $id = $_GET['id'];
    $pass = $_GET['k'];
    $fullname=  escapeshellarg($user."-".$id);

    echo $user; 
    echo $mem;
    echo $id; 
    echo $pass;
    echo "<br/>";

    mkdir("/home/servers/".$fullname, 0, true);
    $outputuser = shell_exec("sudo useradd -d /home/$fullname $fullname");
    $outputpass = shell_exec('echo -e '.$pass.'\n'.$pass.'\n" | sudo passwd '.$fullname);

    echo $outputpass;

}


?>

the password isnt working right though. when i run it from the terminal i get 

 Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
now surely theres a better way of doing this without exposing both useradd AND passwd to not needing passwords in sudo?

Improve this question

2 Answers 2

Reset to default
1

This won't be an answer, but really important warning. Your script may allow user to gain full access to your server, as he may input "../" as a $fullname. Passing user input as an argument without using escapeshellarg() is a suicide.

Resolution to your problem may be creating some crontab task that would create users from database every defined period of time. This way your password won't be exposed.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

I understand this, for a start this is an internal facing Web servers taking known values from an external facing web server, it has no end-user control. This at this point in time is also only a proof of concept type thing, I will add security measures as soon as I get the code working in its raw form.
You can add http user permission to use adduser command then, but this is dangerous.
what exactly do you mean?
Something like http ALL=NOPASSWD:/usr/sbin/useradd,/bin/mkdir,/bin/ln,/bin/chown,/bin/cp,/bin/sed with visudo
www-data already has access to use useradd and passwd without needing a password on sudo, it is able to create the user but the password changing fails because the passwd returns an error on the "echo -e ".$pass."\n".$pass."\n" | sudo passwd ".$fullname
|
0

You have to use double quotes in the second shell_exec otherwise PHP doesn't convert escaped characters to control characters.

Improve this answer

1 Comment

right I see, but is there no way to do it without needing that passwd at all? (perhaps using the -p flag in useradd, but i have no idea how to handle the encryption)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.