1

I am trying to write a PHP script which executes a shell command (via system()?) to add a new user to the server. I am thinking about using useradd or adduser but don't know how I will get it to work. What flags are necessary to execute useradd in a script? And how would I set the permissions on the script so it executes properly? This doesn't work:

<?

$user = $_GET['user'];

system("sudo useradd -m -p 4dk/kBWvKaP52/POJYOZGLam8qZnCkQtdw== $user; echo $user");

?>
Improve this question
9
  • Does the user running the script have sudo permission? Commented Apr 4, 2011 at 23:47
  • You will add a user $user? What should the echo do? Commented Apr 4, 2011 at 23:52
  • @wallyk It's a web page, so I am assuming the user running it is Apache...? Commented Apr 4, 2011 at 23:52
  • @KingCrunch Yes, $user is a GET variable. Echo is just for testing purposes. Commented Apr 4, 2011 at 23:54
  • A, I see: double quotes. Commented Apr 4, 2011 at 23:55

1 Answer 1

Reset to default
5

You'll need to add a line to /etc/sudoers like

www-data ALL=(root) NOPASSWD: /usr/sbin/useradd

This allows www-data to run the useradd command.

You may also need to comment out this line, if it exists in /etc/sudoers:

Defaults requiretty

By the way, it's a good idea to escape your inputs with escapeshellarg():

$user = escapeshellarg($_GET['user']);
system("sudo useradd -m -p 4dk/kBWvKaP52/POJYOZGLam8qZnCkQtdw== $user; echo $user");
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

@stooploopl: check the server log and system log, and maybe the security log (if security is enabled). Somewhere there is a message hinting at the cause of the problem.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.