Reply to Re: apache (root) + php4

Your name:

Reply:


Posted by "M. Sokolewicz" on 09/03/05 20:49

the one you posted is created with crypt() (see crypt in the php manual)
Michelle Konzack wrote:

> Hi Rory,
>
> Am 2005-09-03 17:04:19, schrieb Rory Browne:
>
>
>>I'm not totally sure on the format of the passwords in /etc/shadow,
>>but can you do anything with php's md5 function? If not, then perhaps
>>the mcrypt extension may do something for you.
>
>
> Unfortunatly not, because
>
> echo -n "michellesecret" |md5sum
> or
> md5("michellesecret")
>
> produce: 28c2f05403caaa750df55efadeebd9ed
>
> but in /etc/shadow you find: $1$.NV7oLhO$Gj/ztvspUcpcJ5iUJiXNo0
>
>
> I do not find the right syntax and options to produce the later string.
>
>
>>First of all you inform your client that they are insane. Running
>>apache as root is completely unnecessary.
>
>
> Who tell you this?
>
> I have gotten this job because the original (external) maintainer
> of the systems is not more availlable. The systems are horrible!
>
> I need to reinstall from scratch.
>
>
>>to perform the above I'd use a combination of
>>suExec/suPHP/somethingLikeThat and sudo. I'd create a user called
>
>
> I have no experience with it...
>
>
>>webuserman (Web User Manager), or something like that, and have the
>>script run as webuserman. I'd change the useradd..... to sudo
>>useradd....., and mod the /etc/sudoers file to allow webuserman user
>>to call the useradd command as root(through sudo).
>
>
> OK, I wil check suExec and suPHP out.
>
>
>>If you are a lazy bastard, with very little concern for security(which
>>it seems you're not), you could simply run the script as www-data, and
>>have sudo allow www-data to do an adduser. I would oppose this
>>however, in that any php script would be able to use it.
>
>
> OK, this is what I have curently and it works fine but security...
>
> The users have there ~/public_html so they can addusers as they like.
> I think, its not so good.
>
>
>>Also make sure you escape your shell arguments.
>
>
> :-)
>
> Greetings
> Michelle
>

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация