Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
A Web interface for your Linux admin tasks

Do you need to set up and maintain a whole load of accounts for users on your web server - giving them each their own area of the LAMP server, log in account, password, and MySQL database too? Do you have to set up a whole series of these accounts in a short period and are you fearful of getting one line wrong?

You could use a shell script (example to follow) ... but you need to be logged in as root and/or mess about with suid (setuid) bits, and it's not a way to do it flexibly.

Second approach - run the script via an expect session so that you can add an account from any logged in account if you know appropriate passwords. (example follows)

Third alternative - provide a web front end to your expect script. (again, example to follow)

SHELL SCRIPT TO ADD LINUX AND MYSQL USER

#!/bin/bash
# Create a full user account

/usr/sbin/useradd -m -k /home/template -g apache $1
echo "$2" | /usr/bin/passwd --stdin $1
chmod 750 /home/$1

echo "create database $1; GRANT all on $1.* to $1@'localhost' identified by '$2'" | \
  /usr/local/mysql/bin/mysql -hlocalhost -uroot -p$3

echo "set password for '$1'@'localhost' = OLD_PASSWORD('$2')" | \
     /usr/local/mysql/bin/mysql -hlocalhost -uroot -p$3

This script (called up under the name fulluser at the next level) creates a Linux and a MySQL account for a new user, both password protected. The final password (re)setting command is only needed if you're using a recent MySQL with older client code.

Usage:
 fulluser username userspassword databaserootpassword

The script assumed that the person running it is cleanly entering three parameters (but then at this level, this script will only work for the administrator anyway, and only if he/she gives the MySQL root password too). Also assumes that the MySQL server is on the same host ("localhost").

A template (initial contents) for each user's new home directory should be provided in /home/template. Include things such as a .my.cnf file, a README file, a link to the acceptable user policy document, and their public_html directory, seeded with an appropriate index.html

RUNNING THE FULLUSER SCRIPT FROM ANY ACCOUNT

Use expect for this. Expect is an extension of Tcl (the tool control language) and should come with your Linux distribution. It allows you to choreograph a terminal session along the lines of "I say this, computer replies that" and in this instance we're using it to obtain a log in, switch across to the root user, and run the fulluser script shown above.

#!/usr/bin/expect

# Connect as root

set rootpw [lindex $argv 3]
set adminpw [lindex $argv 2]

spawn telnet localhost

expect "login: "
send "webadmin\r"
expect "sword: "
send "$adminpw\r"
expect {$ }

send "su -\r"
expect "sword: "
send "$rootpw\r"
expect {# }

send "/usr/local/bin/fulluser $argv\r"
expect {# }

Note that the \r is the code for a new line - you don't use \n when you're doing a send in expect. The expect sequence is a trigger that we're looking for before proceeding and is the end of the word "password"; the trailing space is VITAL so as to ensure that the password isn't sent until the prompt has been completed.

Usage:
 webuser username userspassword nextpassword rootpassword

In our example, "nextpassword" is the password that's used for both the MySQL root and also for the webadmin account that we've created as part of our build. The "userpassword" is the password that we want assigned to our new user and "rootpassword" is the password that is the linux administrator's password. We COULD split "nextpassword" into two different passwords, but there's a limit to how many passwords even the best of admins can deal with in his head at any one time.

In our example, passwords are given on the command line. It's technically possible to write passwords into the script but you should understand the security implications before you make such a change and if in doubt, don't.

PUTTING IT ON THE WEB

Finally, here's the script that allows webuser to be run from a browser.

<?php
if ($_POST[filled] == 1) {
 $resp = shell_exec("/usr/local/bin/webuser".
            " $_POST[acname]".
              " $_POST[acpass]".
              " $_POST[wapass]".
              " $_POST[ropass]");
     $say = "New account $_POST[acname] added";
} else {
      $say = "-";
}
?>
<html>
<head>
<title>User account creation</title>
</head>
<body>
<h1>Adding a user account</h1>
<b><?php print($say); ?></b><br><br>
<form method=post>
Name of new account <input name=acname><br>
New account password <input name=acpass>
(add 2 x entry and obscure later)<br>
Webadmin password <input name=wapass type=password><br>
System admin password <input name=ropass type=password><br>
<input type=submit><input name=filled type=hidden value=1>
</form>
</body>
</html>

When this page is called up by a link from another page or by having its URL typed in, the form is displayed; the absence of a posted element called "filled" ensures that no action is taken.

When the form is completed and submitted back (to itself), the presence of a "filled" element with the value "1" causes the webuser script to be run and the account added. The form is then offered again as it's more than likely that the user will want to set up a whole series of accounts.

Note that I've used type=password to obscure the incoming passwords, but I have NOT used it for the new account's password

HOW TO TROUBLESHOOT

Please, PLEASE don't try to install all three of these scripts at once and hope that they all work together. Start off with fulluser and add a user from the root account. Then when you know that works, run webuser from a regular account.

Only when those first two stages have checked out should you risk running the web page script, knowing that any problems issues remaining will be at the PHP level.

THIS IS JUST A DEMO

Be aware - this page is just a demonstration; there's a lot more that you could / might / should do to use it in a production environment.

1. Check each of the elements to ensure they have worked and flag errors if there are any problems.

2. Check for duplicated user names

3. Add facilities to update password for an existing user, etc.

4. Add in a facility to enter the email address of the user and have the system email them to tell them about their new account

It's also worth remembering that you MUST plan your basic security properly before you write the scripts such as this to control it - especially if you're going to be something of a specialised ISP / WSP. The model we have used has all users in group "apache", with the web server running in that same group; on a machine that's only got web user accounts, you may be better advised to have all users in a group that has NO permissions for server files, and have the web server access the files it needs from an individual's area by higher access rights for other. If in doubt, read up or ask!

By the time you get all this done, perhaps you should be looking at a tool such as plesk rather than rolling your own - but then the code shown in this example is superbly tuneable


See also All files (including sample template)

Please note that articles in this section of our web site were current and correct to the best of our ability when published, but by the nature of our business may go out of date quite quickly. The quoting of a price, contract term or any other information in this area of our website is NOT an offer to supply now on those terms - please check back via our main web site

Related Material

PHP - Further Web Page and Network Handling
  [220] - ()
  [314] - ()
  [345] - ()
  [356] - ()
  [372] - ()
  [376] - ()
  [410] - ()
  [425] - ()
  [443] - ()
  [451] - ()
  [484] - ()
  [537] - ()
  [542] - ()
  [565] - ()
  [603] - ()
  [675] - ()
  [767] - ()
  [789] - ()
  [847] - ()
  [904] - ()
  [936] - ()
  [1009] - ()
  [1114] - ()
  [1183] - ()
  [1187] - ()
  [1210] - ()
  [1355] - ()
  [1379] - ()
  [1485] - ()
  [1495] - ()
  [1496] - ()
  [1505] - ()
  [1515] - ()
  [1518] - ()
  [1549] - ()
  [2632] - ()
  [2679] - ()
  [2729] - ()
  [2918] - ()
  [3036] - ()
  [3432] - ()
  [3540] - ()
  [3568] - ()
  [3918] - ()
  [4070] - ()
  [4483] - ()

Web Application Deployment - Apache httpd - Sourcing, Installation, Testing
  [523] - ()
  [526] - ()
  [550] - ()
  [660] - ()
  [907] - ()
  [982] - ()
  [1095] - ()
  [1292] - ()
  [1449] - ()
  [1455] - ()
  [1707] - ()
  [1731] - ()
  [1768] - ()
  [1945] - ()
  [2080] - ()
  [2096] - ()
  [2184] - ()
  [2520] - ()
  [3426] - ()
  [4437] - ()

Web Application Deployment - Further httpd Configuration
  [345] - ()
  [466] - ()
  [526] - ()
  [550] - ()
  [631] - ()
  [649] - ()
  [662] - ()
  [755] - ()
  [853] - ()
  [934] - ()
  [1009] - ()
  [1080] - ()
  [1121] - ()
  [1207] - ()
  [1351] - ()
  [1355] - ()
  [1377] - ()
  [1381] - ()
  [1551] - ()
  [1554] - ()
  [1564] - ()
  [1566] - ()
  [1619] - ()
  [1636] - ()
  [1707] - ()
  [1762] - ()
  [1767] - ()
  [1778] - ()
  [1939] - ()
  [1954] - ()
  [1955] - ()
  [1974] - ()
  [2060] - ()
  [2272] - ()
  [2478] - ()
  [2900] - ()
  [3133] - ()
  [3449] - ()
  [3635] - ()
  [3862] - ()
  [3955] - ()
  [4001] - ()
  [4307] - ()

Web Application Deployment - Users and Groups
  [409] - ()
  [431] - ()
  [683] - ()
  [1592] - ()
  [1619] - ()
  [1650] - ()
  [1773] - ()
  [1902] - ()
  [1904] - ()
  [2103] - ()
  [2117] - ()
  [2203] - ()
  [2301] - ()
  [2491] - ()
  [2639] - ()
  [4045] - ()

Tcl/Tk - What is Expect? Why use it?
  [286] - ()
  [435] - ()
  [1173] - ()
  [1174] - ()
  [1409] - ()
  [1411] - ()
  [1469] - ()
  [1531] - ()
  [1602] - ()
  [2474] - ()
  [2489] - ()
  [3009] - ()
  [3286] - ()
  [3572] - ()
  [4405] - ()
  [4678] - ()

resource index - PHP
Solutions centre home page

You'll find shorter technical items at The Horse's Mouth and delegate's questions answered at the Opentalk forum.

At Well House Consultants, we provide training courses on subjects such as Ruby, Lua, Perl, Python, Linux, C, C++, Tcl/Tk, Tomcat, PHP and MySQL. We're asked (and answer) many questions, and answers to those which are of general interest are published in this area of our site.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/solutions/php-a-we ... tasks.html • PAGE BUILT: Wed Mar 28 07:47:11 2012 • BUILD SYSTEM: wizard