[sudo-users] adduser via web (cgi script)

Jim Horwath jim.horwath at rcn.com
Wed Jul 28 20:57:37 EDT 2004

I think your playing with fire allowing users to be added 
from a cgi script.  That is a security incident waiting to 
happen.  A person can add a user then through privledge 
escalation become root on your machine, install rootkits, 
etc. Or the person can grabn the cgi source monkey with the 
tags and add a user with privledge. Sorry for being a party 
pooper, but it seems like a poor idea.


---- Original message ----
>Date: Wed, 28 Jul 2004 17:03:40 -0700 (PDT)
>From: "Erickson N. Jacob" <ericj at edigitalweb.com>  
>Subject: [sudo-users] adduser via web (cgi script)  
>To: sudo-users at sudo.ws
>hi all
>i have a cgi scipt to add user accounts via web
>system ("/usr/bin/sudo /usr/sbin/useradd", $user);
>my problem is that it wont create the user. i have already 
added the user
>nobody in the /etc/sudoers file to permit nobody to execute 
the useradd
>any advice on this
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list