Michelle Konzack wrote:
Am 2006-09-05 08:36:21, schrieb Jon Anderson:
Or create a simple shell/perl/php/whatever wrapper for adduser, and
allow sudo for that wrapper by the web server user only.
For example, you could create a wrapper that only allows one
alphanumeric argument for the username, and another for the password.
That would not be POSIX compliant...
A USERNAME must be:
^[A-Za-z_][-_.A-Za-z0-9]*
So the allowed chars should at least:
-_.A-Za-z0-9
IMO, what characters you allow in usernames on your systems is unrelated
to POSIX. It's a policy decision. POSIX merely defines what compliant
operating systems (and components) must support.
I only allow usernames with 5-8 alphabetic characters on systems that I
manage - as a human, I'm not POSIX compliant? ;-)
But his can be easily checked in PHP.
And ONLY after this passed to your wraper script.
They can also be easily checked from your wrapper with sed, wc, grep,
etc. - if your web server is compromised, you don't want to allow the
person to execute a script that doesn't properly check it's input
parameters. (That's my paranoia talking. :-)
jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
