[Zope] useradd command in Zope

ajit mote mail2cajit at gmail.com
Mon Nov 7 06:12:04 EST 2005


On 11/7/05, Tino Wildenhain <tino at wildenhain.de> wrote:
>
> ajit mote schrieb:
> > this is what i tried ....
> >
> > #External script addUser.py (stored in instance/Extensions folder)
> > import crypt
> > import os
> > def addUser(userName,password):
> > password=crypt.crypt(password,"5Ag5zoM9")
> > command="/usr/sbin/adduser -p "+password+" "+ userName
> > return os.system(command)
> >
>
> Heaven! Is this external method available via web? If so
> be prepared for massive attack :-)
> That aside you may consider md5 instead of crypt to make
> it not too easy to crack (otoh, its not really important
> as your script really allows for any command)
> > as we are going to use application only in intranet .....

we are developing this web application only for our purpose ie. using only
inside our firm....
my sys admin allow me to do this ....
 so no security problem ....

> ///////////////
> > attaching the application ....
> > exported from zope2.8.1 ,python-2.3.4-11,mysql-3.23.58-13 and
> > Linux 2.6.9-1.667 ....
> > ////////////////////////
> > now i hope that , problem defination is very clear and open......
> > ///////////////////
>
> Well no, at least not your "it does not work" problem you told us.
>
> Still missing: the call to the script as "User which runs zope"
> which might be zope or nobody or something, depending on your
> configuration and the way you start zope.
>
> Add the following lines to your external method and you can
> run it as script too:
>
> if __name__=='__main__':
> import sys
> try:
> user=sys.argv[1]
> pass=sys.argv[2]
> except IndexError:
> sys.stderr.write("Please start me with %s <username>
> <password>\n" % sys.argv[0])
> sys.exit(20)
>
> addUser(user,pass)
>
>
>
> and try it like this:
>
> su zope (or whoever your zope runs)
> ./yourmethod.py someuser somepass
>
> You will see it fail (apart from the fact you need
> the #!/path/to/python.bin and set the execution bit
> with chmod a+x before you try)


> i tried using another user outside of zope .....
working very well(adding user to system)....
 owner of external method is root and set_user_id bit is set.....
but problem is when i run attached app it is not adding user ....

Because you did not use sudo as adviced.
>
> Please try to copy the way mails are cited from other
> mails in this list. Dont put all your text on the
> top of a full quote. Thank you.
>
> Regards
> Tino


> i am really sorry for the same....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20051107/2ca5970b/attachment.htm


More information about the Zope mailing list