From owner-freebsd-stable  Tue Dec 18 18:24:58 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from catalyst.sasknow.net (catalyst.sasknow.net [207.195.92.130])
	by hub.freebsd.org (Postfix) with ESMTP id B7C1237B416
	for <freebsd-stable@FreeBSD.ORG>; Tue, 18 Dec 2001 18:24:54 -0800 (PST)
Received: from localhost (ryan@localhost)
	by catalyst.sasknow.net (8.11.6/8.11.6) with ESMTP id fBJ2QZU32971;
	Tue, 18 Dec 2001 20:26:35 -0600 (CST)
	(envelope-from ryan@sasknow.com)
X-Authentication-Warning: catalyst.sasknow.net: ryan owned process doing -bs
Date: Tue, 18 Dec 2001 20:26:35 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
X-X-Sender:  <ryan@catalyst.sasknow.net>
To: Ian Chilton <ian@ichilton.co.uk>
Cc: <freebsd-stable@FreeBSD.ORG>
Subject: Re: OT: Adding a user to freebsd from cgi?
In-Reply-To: <000301c1882c$a2d2ff40$0a01a8c0@dipsy>
Message-ID: <20011218201909.G32770-100000@catalyst.sasknow.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Ian Chilton wrote to freebsd-stable@FreeBSD.ORG:

> Hello,
>
> Does anyone have any cgi scripts to add a user to a freebsd
> system?

Sure, but they're rather specific to our particular purpose... Read up
on pw(8) and suexec(8) (part of Apache). That's one way to do it.

A more secure and scalable way to do it would be to have your CGI
script just queue the new users in a file (flat "transaction" file is
fine). This is easy to code... You just have to parse the input and
write it out in a format your other script can understand. With perl,
you can check for things like duplicate users with getpwent(), as a
normal user.

Then, have a root CRON job process the output file every 5-15 minutes.
The cron job can be a simple script that runs pw(8) based on the saved
settings in the CGI file. If your system is very busy, you can
increase the delay, or just run it nightly, etc.

Code the scripts VERY carefully, as they will be indirectly processing
user input from the WWW, and will be mucking with the password
database. (for example you DON'T want to give someone the ability to
create a user with uid 0 (or any existing uid for that matter)).


> Thanks!
>
> Ian

Hope this helps.
- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message