Sigmaomega Posted September 28, 2009 Share Posted September 28, 2009 Hello, I'm new to this forum, but I have been searching for a great deal of time as to why I'm experiencing problems with shell_exec() through apache2. First off, I'm using ubuntu Jaunty 86-64 with kernel 2.6.28-15-generic with PHP5 and apache2(.2.11). Secondly, I have given apache2 (www-data) root, nopasswd access to the system via visudo. Specifically to the useradd, userdel, and passwd scripts found on the ubuntu system. Now, I feel as though I can execute these scripts (safely-with a variety of checks and counters like escapeshellcmd and as well as not passing any non-alphanumeric symbols to the shell_exec() call). Thus: escapeshellcmd($user); escapeshellcmd($passwd1); escapeshellcmd($passwd2); shell_exec("/usr/bin/sudo /usr/sbin/useradd -d /home/chroot/ViBE/home/{$user} -m -g ViBE_Students {$user}"); shell_exec("/usr/bin/sudo /usr/bin/passwd {$user}"); shell_exec($passwd1); shell_exec($passwd2); This only creates a user..but it can not be logged in to. Through terminal commands, this works perfectly fine, and everything can be accessed. I'm really not sure what has happened as it used to work great. Maybe a kernel change (I'm really just guessing)? -SigmaOmega P.S. safe_mode is not enabled. Quote Link to comment https://forums.phpfreaks.com/topic/175866-php-not-using-useraddpasswd-linux-cmds-correctly/ Share on other sites More sharing options...
trq Posted September 28, 2009 Share Posted September 28, 2009 passwd prompts for a password. You would need to use expect to reply to these prompts. Quote Link to comment https://forums.phpfreaks.com/topic/175866-php-not-using-useraddpasswd-linux-cmds-correctly/#findComment-926658 Share on other sites More sharing options...
Sigmaomega Posted October 5, 2009 Author Share Posted October 5, 2009 I'm really not understanding what you mean by using expect. I've tried using both popen and ctl after installing PECL extensions. For further information regarding the issue, I've noticed that PAM isn't being called to authenticate the password. The following is logged after "sudo passwd" is used via terminal. passwd[20404]: pam_unix(passwd:chauthtok): password changed for This isn't called when www-data is attempting to change the password. Any help? -Sigmaomega Quote Link to comment https://forums.phpfreaks.com/topic/175866-php-not-using-useraddpasswd-linux-cmds-correctly/#findComment-930933 Share on other sites More sharing options...
Daniel0 Posted October 5, 2009 Share Posted October 5, 2009 You're never setting the password, so obviously you cannot login. As thorpe said, passwd expects you to type in a password when you've called it. Your escaping won't work either, by the way. Quote Link to comment https://forums.phpfreaks.com/topic/175866-php-not-using-useraddpasswd-linux-cmds-correctly/#findComment-930946 Share on other sites More sharing options...
Sigmaomega Posted October 7, 2009 Author Share Posted October 7, 2009 Ok, so i got this far: $stream = expect_popen("/usr/bin/sudo /usr/bin/passwd testing"); $case = array(array (0 => "password:", 1 => PASSWORD)); { switch (expect_expectl ($stream, $case)) { case PASSWORD: fwrite ($stream, "welcome\n"); fwrite ($stream, "welcome\n"); break; default: die("Error"); }} fclose($stream); It is parsed correctly, but the password does not set. Am I missing something? -Sigmaomega P.S. Thank you for the help btw, I'm a novice when it comes to php. Quote Link to comment https://forums.phpfreaks.com/topic/175866-php-not-using-useraddpasswd-linux-cmds-correctly/#findComment-932524 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.