useradd command in Zope
Hi , how to use command that require Root privileges like useradd,reading shadow file.... bca'z i install zope as non root user.... now i need to use useradd command in my application....
--On 3. November 2005 17:06:55 +0530 ajit mote <mail2cajit@gmail.com> wrote:
Hi ,
how to use command that require Root privileges like useradd,reading shadow file.... bca'z i install zope as non root user.... now i need to use useradd command in my application....
Look at the sudo command (man sudo). This is basically a non-Zope question. -aj
useradd ...
On 11/3/05, Andreas Jung <lists@andreas-jung.com> wrote:
Look at the sudo command (man sudo). This is basically a non-Zope question.
i don't think this is non-zope question bca'z...
i am using python script to add user to system which works fine when run outside of zope ... but when i run it through zope as external script (with all permission) it's not working and returning 256 without giving any error...
ajit mote schrieb:
useradd ...
On 11/3/05, *Andreas Jung* <lists@andreas-jung.com <mailto:lists@andreas-jung.com>> wrote:
Look at the sudo command (man sudo). This is basically a non-Zope question.
> i don't think this is non-zope question bca'z...
i am using python script to add user to system which works fine when run outside of zope ... but when i run it through zope as external script (with all permission) it's not working and returning 256 without giving any error...
as root, su zopeuser first and then try your script. Zopeuser meaning the user account your zope runs. Again, double and tripple check if you secured this application in any way before opening it to the web.
i did the same but still not working..... On 11/3/05, Tino Wildenhain <tino@wildenhain.de> wrote:
ajit mote schrieb:
useradd ...
On 11/3/05, *Andreas Jung* <lists@andreas-jung.com <mailto:lists@andreas-jung.com>> wrote:
Look at the sudo command (man sudo). This is basically a non-Zope question.
i don't think this is non-zope question bca'z...
i am using python script to add user to system which works fine when run outside of zope ... but when i run it through zope as external script (with all permission) it's not working and returning 256 without giving any error...
as root, su zopeuser first and then try your script. Zopeuser meaning the user account your zope runs.
Again, double and tripple check if you secured this application in any way before opening it to the web.
Am Montag, den 07.11.2005, 09:32 +0530 schrieb ajit mote:
i did the same but still not working.....
On 11/3/05, Tino Wildenhain <tino@wildenhain.de> wrote: ajit mote schrieb: > > useradd ... > > On 11/3/05, *Andreas Jung* <lists@andreas-jung.com > <mailto:lists@andreas-jung.com>> wrote: > > Look at the sudo command (man sudo). This is basically a non-Zope > question. > > > i don't think this is non-zope question bca'z... > > i am using python script to add user to system which works fine > when run outside of zope ... > but when i run it through zope as external script (with all > permission) it's not working and returning 256 without giving any error... >
as root, su zopeuser first and then try your script. Zopeuser meaning the user account your zope runs.
Again, double and tripple check if you secured this application in any way before opening it to the web.
Try harder :-) Seriously, what should we do to help you? If something isn't working as expected, give us the code you try, the environment and exact error messages, preferably tracebacks.
this is what i tried .... #External script addUser.py (stored in instance/Extensions folder) import crypt import os def addUser(userName,password): password=crypt.crypt(password,"5Ag5zoM9") command="/usr/sbin/adduser -p "+password+" "+ userName return os.system(command) /////////////// attaching the application .... exported from zope2.8.1 ,python-2.3.4-11,mysql-3.23.58-13 and Linux 2.6.9-1.667 .... //////////////////////// now i hope that , problem defination is very clear and open...... /////////////////// On 11/7/05, Tino Wildenhain <tino@wildenhain.de> wrote:
Am Montag, den 07.11.2005, 09:32 +0530 schrieb ajit mote:
i did the same but still not working.....
On 11/3/05, Tino Wildenhain <tino@wildenhain.de> wrote: ajit mote schrieb:
useradd ...
On 11/3/05, *Andreas Jung* <lists@andreas-jung.com <mailto:lists@andreas-jung.com>> wrote:
Look at the sudo command (man sudo). This is basically a non-Zope question.
i don't think this is non-zope question bca'z...
i am using python script to add user to system which works fine when run outside of zope ... but when i run it through zope as external script (with all permission) it's not working and returning 256 without giving any error...
as root, su zopeuser first and then try your script. Zopeuser meaning the user account your zope runs.
Again, double and tripple check if you secured this application in any way before opening it to the web.
Try harder :-)
Seriously, what should we do to help you? If something isn't working as expected, give us the code you try, the environment and exact error messages, preferably tracebacks.
ajit mote schrieb:
this is what i tried ....
#External script addUser.py (stored in instance/Extensions folder) import crypt import os def addUser(userName,password): password=crypt.crypt(password,"5Ag5zoM9") command="/usr/sbin/adduser -p "+password+" "+ userName return os.system(command)
Heaven! Is this external method available via web? If so be prepared for massive attack :-) That aside you may consider md5 instead of crypt to make it not too easy to crack (otoh, its not really important as your script really allows for any command)
/////////////// attaching the application .... exported from zope2.8.1 ,python-2.3.4-11,mysql-3.23.58-13 and Linux 2.6.9-1.667 .... //////////////////////// now i hope that , problem defination is very clear and open...... ///////////////////
Well no, at least not your "it does not work" problem you told us. Still missing: the call to the script as "User which runs zope" which might be zope or nobody or something, depending on your configuration and the way you start zope. Add the following lines to your external method and you can run it as script too: if __name__=='__main__': import sys try: user=sys.argv[1] pass=sys.argv[2] except IndexError: sys.stderr.write("Please start me with %s <username> <password>\n" % sys.argv[0]) sys.exit(20) addUser(user,pass) and try it like this: su zope (or whoever your zope runs) ./yourmethod.py someuser somepass You will see it fail (apart from the fact you need the #!/path/to/python.bin and set the execution bit with chmod a+x before you try) Because you did not use sudo as adviced. Please try to copy the way mails are cited from other mails in this list. Dont put all your text on the top of a full quote. Thank you. Regards Tino
On 11/7/05, Tino Wildenhain <tino@wildenhain.de> wrote:
ajit mote schrieb:
this is what i tried ....
#External script addUser.py (stored in instance/Extensions folder) import crypt import os def addUser(userName,password): password=crypt.crypt(password,"5Ag5zoM9") command="/usr/sbin/adduser -p "+password+" "+ userName return os.system(command)
Heaven! Is this external method available via web? If so be prepared for massive attack :-) That aside you may consider md5 instead of crypt to make it not too easy to crack (otoh, its not really important as your script really allows for any command)
as we are going to use application only in intranet .....
we are developing this web application only for our purpose ie. using only inside our firm.... my sys admin allow me to do this .... so no security problem ....
///////////////
attaching the application .... exported from zope2.8.1 ,python-2.3.4-11,mysql-3.23.58-13 and Linux 2.6.9-1.667 .... //////////////////////// now i hope that , problem defination is very clear and open...... ///////////////////
Well no, at least not your "it does not work" problem you told us.
Still missing: the call to the script as "User which runs zope" which might be zope or nobody or something, depending on your configuration and the way you start zope.
Add the following lines to your external method and you can run it as script too:
if __name__=='__main__': import sys try: user=sys.argv[1] pass=sys.argv[2] except IndexError: sys.stderr.write("Please start me with %s <username> <password>\n" % sys.argv[0]) sys.exit(20)
addUser(user,pass)
and try it like this:
su zope (or whoever your zope runs) ./yourmethod.py someuser somepass
You will see it fail (apart from the fact you need the #!/path/to/python.bin and set the execution bit with chmod a+x before you try)
i tried using another user outside of zope ..... working very well(adding user to system).... owner of external method is root and set_user_id bit is set..... but problem is when i run attached app it is not adding user ....
Because you did not use sudo as adviced.
Please try to copy the way mails are cited from other mails in this list. Dont put all your text on the top of a full quote. Thank you.
Regards Tino
i am really sorry for the same....
su zope (or whoever your zope runs) ./yourmethod.py someuser somepass
You will see it fail (apart from the fact you need the #!/path/to/python.bin and set the execution bit with chmod a+x before you try)
i tried using another user outside of zope ..... working very well(adding user to system)....
Perhaps the other user is either root or it belongs to the root's groups.
owner of external method is root and set_user_id bit is set..... but problem is when i run attached app it is not adding user ....
set_user_id only works with C binary files. So, here you have to use sudo as suggested. Regards, Josef
ajit mote wrote:
command="/usr/sbin/adduser -p "+password+" "+ userName return os.system(command)
You are going to get yourself into a world of pain. os.system isn't the right thing to use here due to its lack of output redirection. Calling adduser like that is a really big hole in your system's security. Adding in sudo in there will make it even worse ;-) Seriously, I don't mean this is a nasty way, but you have neither the skill not the experience to attempt the development of the application you are trying to develop. Give up, or pay someone who knows better to do it for you :-S Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Hi ajit,
i don't think this is non-zope question bca'z...
i am using python script to add user to system which works fine when run outside of zope ... but when i run it through zope as external script (with all permission) it's not working and returning 256 without giving any error...
That's because the user running zope doesn't have any root privileges and a external method is run as this user and not as root. Anyway, I just don't think it is safe to allow an zope admin user to create users in your operating system. What if your zope admin password gets hacked? Then the hacker could easily create a user in your machine and gain access to it as well. Why don't you do it directly by following the old way: logging in to the unix console, su to root and then calling useradd? Anyway, if you still want to do this, then you have to use sudo as Andreas said. Other alternatives would be: 1) Run zope as root. 2) use set-user-ID or set-group-ID (man chmod) with a C binary that calls useradd 3) Add your zope user to the group of root. Those two things are too dangerous. If I were you, I wouldn't consider any of them; however, it is up-to-you to decide this. Regards, Josef
participants (5)
-
ajit mote -
Andreas Jung -
Chris Withers -
Josef Meile -
Tino Wildenhain