
I'm writing a PHP program that calls bash scripts. I'm using Linux (CentOS). I'm trying to create a new user in Linux by entering a username and password in the PHP page. This is the script I'm using:

egrep "^$1" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
    echo "$1 exists!"
    exit 1
else

    sudo useradd -m -p $2 $1
    [ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi

This is how I call the script from PHP:

echo exec("/var/www/html/addUser.sh ".$username." ".$password);

It works when running it from the terminal, but when calling the script from PHP it doesn't work. It is a matter of permissions. What should I do in order to allow the PHP (apache) to also add users? I've tried adding 'apache' to visudo both as user and as a group:

%apache ALL=(ALL)   NOPASSWD: ALL
 apache    ALL=(ALL)       ALL

It still doesn't work. Any ideas? Thanks.

  • Holycow, remove that entry from /etc/sudoers. You're essentially granting Apache full access to your system. Commented Jul 31, 2015 at 0:37
  • Still didn't get it to work. Any other ideas? Thanks. Commented Jul 31, 2015 at 14:23
  • While this is an old post, %apache ALL=(ALL) NOPASSWD: ALL borders on criminally insane. Commented Jan 30, 2023 at 22:20

1 Answer

You are attempting to let PHP run arbitrary code on a web server as root -- this is extremely inadvisable, as if someone were to find a hole in your code and inject their own, they would literally be able to do anything they liked with your server!

That being said, you can call an external script using exec("command"); or use backticks like:

$command_output = `shell_command`;

For more information see PHP's exec function.

If you really do want to proceed with this, I would suggest storing your script (the one at the top that you'd like to run) and then calling that script with exec(), while only allowing sudo passwordless access to that one script.

Additional:

You might want to try shell_exec instead of exec - this runs your command in a shell, which I think might fix any environment issues you may be having.
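The single-script sudo rule suggested in this answer, sketched as an added example (not code from the question or the answer). The install path /usr/local/sbin/addUser.sh, the username rules and the use of stdin plus chpasswd for the password are assumptions of the example:

```sh
#!/bin/sh
# Added example, not the asker's or answerer's code. Assumptions: the script is
# installed root-owned, mode 0755, at /usr/local/sbin/addUser.sh (outside the web
# root), and this one sudoers rule replaces both blanket apache entries:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/addUser.sh
# PHP then runs `sudo /usr/local/sbin/addUser.sh <name>` with the name passed
# through escapeshellarg() and the password written to the script's stdin.

# Accept only conservative login names: no spaces, quotes, ';' or leading '-'.
valid_username() {
    case $1 in
        '' | [0-9-]* | *[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Exact match on field 1 of a passwd-format file, so "bob" does not match
# "bobby" the way a prefix grep on "^bob" does.
user_exists() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

add_user() {
    valid_username "$1" || { echo "Invalid username" >&2; return 2; }
    if user_exists "$1"; then
        echo "$1 exists!" >&2
        return 1
    fi
    # Password comes from stdin, not argv, so it never appears in `ps` output.
    IFS= read -r password || :
    [ -n "$password" ] || { echo "Empty password" >&2; return 2; }
    useradd -m "$1" || { echo "Failed to add a user!" >&2; return 3; }
    # chpasswd hashes the plaintext; useradd -p expects an already-hashed value.
    printf '%s:%s\n' "$1" "$password" | chpasswd || return 3
    echo "User has been added to system!"
}

# Act only when a username argument is given, so sourcing the file is harmless.
[ "$#" -eq 0 ] || add_user "$1"
```

Because the sudoers rule names only this script, a flaw in the PHP layer can at most reach what the script itself allows, which is why the argument checks live in the script and not only in PHP.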


6 Comments

Thanks. I've just tried the full permissions to PHP to see if it works, and it didn't. About 'exec' - I'm already using it to call the script. The question was how to allow PHP to create a new user.
Check what environment exec() is passing on to your script - might be that it is either failing to find your script or failing to set sudo up properly due to missing "presumed" environment variables. I have called useradd from a PHP page using backticks before, so it is possible and I see no reason exec() would be any different -- as I said though, highly inadvisable - No bad reflection on you for wanting to do it anyway, but I have to keep reiterating in case someone comes across this post in 6 months' time ;)
I've just had one of those "while walking away from my computer" thoughts -- have you tried using shell_exec?
It'd be interesting to see what the full output of your shell script was when it runs - any chance you could amend your echo exec("/var/www/html/addUser.sh ".$username." ".$password); to use backticks (exec only reproduces the last line when called with one argument) and post any results in your question?
I get "Failed to add a user! "