in reply to Re: cgi script error
in thread cgi script error

thanx for you help ...,
but iam a newbie that want to make asimple program that
adminstarte the lunix enviroment
how can i think about that ?
i think when iam using the system function i can use it to administarte the linux enviroment throw it..
So how can i think about something like that
and thanx for all

Replies are listed 'Best First'.
Re^3: cgi script error
by f00li5h (Chaplain) on Apr 09, 2007 at 03:53 UTC

    It won't help you with your perl, but there are many other controll panels which do all of that and more.

    If you're just wanting to do it as an exercise, I'd say admin on a unix-like is not a good starting project.

    To do it, you'd need a daemon running as root (so you have the permissions) that is given commands through some sort of queue mechanism (like a table in a database or some funky inter process communication to get the messages across. Running CGI scripts as root is likely to end badly even if you do all the things listed in perlsec (like using -T)

    Proc::Daemon will give you your daemon, you can just connect to the database, and then check (say every minute) for rows in the stuff_to_do table...

    'tis a big task...

    Also there was an example of your useradd in either Perl for System Administration or Automating UNIX and Linux Administration. I'm not sure which.

    @_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;
[reply]
[d/l]
[select]
      thanx mr. F00li5h i mean mr. intelligent :)
      i will tell you what i understood from u .....
      first: i will make a table or something by using Mysql and add the different user records like UID and Password .....
      and then use adatabase DBI connection or something? ....to connect between DB and my script but what will make the connection between the DB and the system like adding the new account to the /etc/passwd....,
      or you mean that i will using the DB to just call the password root from there
      forgive me for my dummy questions but iam really needing your help
[reply]

        mr. intelligent :)
        Oh, you. *blush*

        You sound like you kinda get it, but kinda don't, so i've prepared a lovely diagram. (sorry to those monks using a screen reader) 

                ___          
       (___)
 mysql |   | --> your daemon --> useradd
       |   |    (as root)   
        ---
         ^
         |
     CGI scripts
    run by Apache
(as nobody, apache or httpd)

        The reason you want it to be so convoluted is because of user permissions. The CGI scripts must run as the least privileged user (cause you cant trust the internet) and you must run the useradd stuff as root. (ofcourse you need to authenticate users on the CGI script so randoms can't just add their own user)

        Another solution might be to use some sort of directory and PAM authentication. You can add users to an LDAP directory as any user that has permissions on the directory ... (but that has many overheads)

        @_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;
[reply]
[d/l]

In Section Seekers of Perl Wisdom