<br><br style="font-weight: bold;"><div><span style="font-weight: bold;" class="gmail_quote">On 11/7/05, <span class="gmail_sendername">Tino Wildenhain</span> <<a href="mailto:tino@wildenhain.de">tino@wildenhain.de</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><span style="font-weight: bold;">ajit mote schrieb:</span><br style="font-weight: bold;">
<span style="font-weight: bold;">> this is what i tried ....</span><br style="font-weight: bold;"><span style="font-weight: bold;">></span><br style="font-weight: bold;"><span style="font-weight: bold;">> #External script
addUser.py (stored in instance/Extensions folder)</span><br style="font-weight: bold;"><span style="font-weight: bold;">> import crypt</span><br style="font-weight: bold;"><span style="font-weight: bold;">> import os
</span><br style="font-weight: bold;"><span style="font-weight: bold;">> def addUser(userName,password):</span><br style="font-weight: bold;"><span style="font-weight: bold;">> password=crypt.crypt(password,"5Ag5zoM9")
</span><br style="font-weight: bold;"><span style="font-weight: bold;">> command="/usr/sbin/adduser -p "+password+" "+ userName</span><br style="font-weight: bold;"><span style="font-weight: bold;">
> return os.system(command)</span><br style="font-weight: bold;"><span style="font-weight: bold;">></span><br style="font-weight: bold;"><br style="font-weight: bold;"><span style="font-weight: bold;">Heaven! Is this external method available via web? If so
</span><br style="font-weight: bold;"><span style="font-weight: bold;">be prepared for massive attack :-)</span><br style="font-weight: bold;"><span style="font-weight: bold;">That aside you may consider md5 instead of crypt to make
</span><br style="font-weight: bold;"><span style="font-weight: bold;">it not too easy to crack (otoh, its not really important</span><br style="font-weight: bold;"><span style="font-weight: bold;">as your script really allows for any command)
</span><br>> as we are going to use application only in intranet .....</blockquote><div>
we are developing this web application only
for our purpose ie. using only inside our firm....
<br>
my sys admin allow me to do this ....<br>
</div> so no security problem ....<br>
<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex; font-weight: bold;">> ///////////////<br>> attaching the application ....<br>> exported from
zope2.8.1 ,python-2.3.4-11,mysql-3.23.58-13 and<br>> Linux 2.6.9-1.667 ....<br>> ////////////////////////<br>> now i hope that , problem defination is very clear and open......<br>> ///////////////////<br><br>
Well no, at least not your "it does not work" problem you told us.<br><br>Still missing: the call to the script as "User which runs zope"<br>which might be zope or nobody or something, depending on your
<br>configuration and the way you start zope.<br><br>Add the following lines to your external method and you can<br>run it as script too:<br><br>if __name__=='__main__':<br> import sys<br> try:<br> user=sys.argv
[1]<br> pass=sys.argv[2]<br> except IndexError:<br> sys.stderr.write("Please start me with %s <username><br><password>\n" % sys.argv[0])<br> sys.exit(20)<br><br> addUser(user,pass)
<br><br><br><br>and try it like this:<br><br>su zope (or whoever your zope runs)<br>./yourmethod.py someuser somepass<br><br>You will see it fail (apart from the fact you need<br>the #!/path/to/python.bin and set the execution bit
<br>with chmod a+x before you try)</blockquote><div><br style="font-weight: bold;">
> i tried using another user outside of zope .....<br>
working very well(adding user to system)....<br>
</div> owner of external method is root and set_user_id bit is set.....<br>
but problem is when i run attached app it is not adding user ....<br>
<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex; font-weight: bold;">Because you did not use sudo as adviced.<br><br>Please try to copy the way mails are cited from other
<br>mails in this list. Dont put all your text on the<br>top of a full quote. Thank you.<br><br>Regards<br>Tino</blockquote><div><br>
> i am really <span style="text-decoration: underline; font-style: italic; background-color: rgb(255, 204, 51);">sorry</span> for the same....<br>
<br>
<br>
</div><br></div><span style="font-weight: bold;"> </span><br>
<br>