2 Answers
You cannot invoke passwd non-interactively. Period.
You can supply useradd with a pre-computed password hash with the -p option, though. [See: man useradd]
Output:
You’re also going to want to run this [and honestly all your shell parameters] through escapeshellarg() to make sure metacharacters are properly escaped.
Lastly:
> for this use case security is not a concern
Security is always a concern. This is usually doubly true for cases when you don’t think it should be. I have had users that I unfortunately trusted to know better exploit security holes in internal applications to execute commands with root privileges in order to avoid simply having to make a ticket.
Don’t do this.
You want as much isolation from the outward facing parts of your system (web pages) from the internal administration. To that end your script should only be able to create users within the constraints you set. Write a separate script which takes 2 arguments – a username and a password (although for preference it should generate a random password) which applies THOROUGH validation of the inputs (e.g. no ‘/’ in user name) and give your webserver uid sudo privileges on that script only (it could be written in PHP calling adduser directly).
The reason your code isn’t working is that passwd clears the input buffer before reading the password. And typically it asks for the new password twice – but the prompts and replies vary by context. There are other programs you can use for setting passwords which are more consistent – chpasswd is fairly standard on Linux systems – and as Sammitch says some versions of useradd allow the password to be specified at the time the user is created.
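A sketch of the separate wrapper script described in the answer above, added here as an example and not code from either answerer. It uses the preferred variant (username only, random password generated inside the script) and sets the password through chpasswd. The script path, the www-data account name and the username rules are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/create-webuser (path is an assumption).
# Example sudoers entry so the web server account can run only this script as root
# (www-data is an assumed account name):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/create-webuser
export LC_ALL=C                                   # make [a-z] mean ASCII lowercase only
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # do not trust the caller's PATH

# Allowlist (assumed policy): 1-32 chars, first char [a-z_], rest [a-z0-9_-].
# This rejects '/', whitespace, newlines, shell metacharacters and leading '-'.
valid_username() {
    name=$1
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*)      return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# 16 random bytes from the kernel, printed as 32 hex characters.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

create_user() {
    name=$1
    valid_username "$name" || { echo "invalid username" >&2; return 2; }
    if id -u "$name" >/dev/null 2>&1; then
        echo "user already exists" >&2; return 3
    fi
    pw=$(gen_password)
    [ "${#pw}" -eq 32 ] || { echo "password generation failed" >&2; return 4; }
    useradd -m "$name" || return 5
    # printf is a shell builtin, so the password goes to chpasswd on stdin
    # and never appears in a process argument list.
    printf '%s:%s\n' "$name" "$pw" | chpasswd || return 6
    printf '%s\n' "$pw"   # hand the generated password back to the caller
}

if [ "$#" -eq 1 ]; then
    create_user "$1"
elif [ "$#" -gt 1 ]; then
    echo "usage: $0 USERNAME" >&2
    exit 64
fi
```

The PHP side would still pass the username through escapeshellarg() when invoking the script via sudo; the wrapper validates it again because it cannot assume its caller did.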