Um... is that the linux "useradd" program you're trying to run from the web server? Isn't that a "root-only" activity -- and rightly so?

Only root (superuser), or a user to whom root has granted "sudo" access for the "useradd" command, is allowed to use this tool, and this is a good thing, because you really don't want just anyone to be able to do this -- certainly not the web server (which typically runs under a special user account with carefully limited permissions).

Apart from not wanting a web page where anyone can come in and create a linux user account for themselves (that would be spammer/hacker heaven!), you also really do not want a string passed in via a cgi POST to be passed directly to a command-line shell, which is what you are doing with that system call. This is another thing that malicious hackers really love to see.

Read up on taint checking in perlsec and maybe use the PM SuperSearch to look up stuff on taint checking. (I'll bet there's stuff in the Tutorials wing that will be very helpful for you.)