am trying to develop something just for fun by using perl & cgi scripting with linux. What I am trying to do is, creating user from the web. This is my html script HTML: <HTML> <BODY> <FORM METHOD="POST" ACTION="/cgi-bin/myscript2.cgi"> <PRE> First Name <INPUT TYPE="text" NAME="name" MAXLENGTH=15 SIZE=15> <INPUT TYPE="submit" VALUE="Send Mail!"> <INPUT TYPE="reset" value=" Clear-Form"> </PRE> </FORM> </BODY> </HTML> This script suppose to get user input. then myscript2.cgi looks like tis Code: #!/usr/bin/perl use strict; use CGI; my $q = new CGI; my $name = $q->param( "name" ); system("/etc/sbin/useradd $name"); print $q->header( "text/html" ), $q->start_html( "Welcome" ), $q->p( "Hi $name!" ), $q->end_html; BUt it does not create the users. I wonder y. This system lacks in security. BUt I am doing it only for fun in localhost. Im learning step by step phase.if can create users. I wana figure it out how it can be done securely. But my question is how to receive the parameter from the web and use the parameter with useradd comand and create the user. HOpe u guys can give me ideas
Your perl script is executed by the Web Server's user (usually apache or nobody), which have few system privileges. To run these commands you need to run the script as a privileged user. You can use suexec(http://httpd.apache.org/docs/1.3/suexec.html) or use the sudo command. To secure your script you must implement some authentication to access the script, additionally you may also use SSL to access the script.
