Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Creating NT User Accounts w/ Perl 5

Posted on 1997-02-18
8
Medium Priority
?
229 Views
Last Modified: 2013-12-25
I am attempting to have one of my CGI programs create NT user accounts via Perl 5 (hip port) --  Logged onto the NT server at the main console I can execute the script and it will properly generate the User Account and give it the Proper group assignments via the NET USER and NET GROUP commands... however this does not function when accessed via CGI.

What process must I go through to allow this CGI Perl program the proper permissions to follow through with the generation of the User account and group assignments?  Is there an easier way which I am overlooking?

Regards,

Art
0
Comment
Question by:aconner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Expert Comment

by:tark
ID: 1827798
Hi Art,
  Don't know much about doing this on the NT side, but I suspect you'll want to try getting 'taintperl' (or equivalent) for NT.  Then, I would bet you'd have to make the script run as user 'Administrator'.  I'm afraid I can't help you there, but I know that on the Unix side, I would use 'taintperl', and make the script setuid.
  I suspect that what you're running into is that the web server invoking the CGI script is running as 'guest' or something.  Whatever the case, the only permissions your CGI script will have are whatever the web server runs as, because it is the web server that actually invokes it.
hth
0
 

Expert Comment

by:henryj
ID: 1827799
Just wondering if there is a good reason for doing this anyway (as creating user accounts via CGI seems a bit risky security wise). What is the intended use? I presume you know that there are already web based system administration tools for NT if that's the reason why you want it?

henry

0
 

Expert Comment

by:nunamakt
ID: 1827800
Second Henryj's comment.  You're opening the door to a hacker to give him/herself admin rights on your server if they can only break one password.  If you don't care if your server get reformatted, or any of the data on the server gets stolen and used somewhere else...then that's OK I guess.

The Air Force has REALLY cracked down on security lately.  Take a look at the AFCERT (AF Computer Emergency Response Team) page on system security...its at:

http://kumi.kelly.af.mil/wks.html


0
Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

 

Author Comment

by:aconner
ID: 1827801
Then what would be a better way of adding "automated" user accessiblity to certain areas of the system? I will provide the following scenario for further understanding...

A user accesses a webpage but it is a "subscription" based webpage.  So then the user fills out a form with payment information of by completing a questionnaire (or whatever) once this task is successfully accomplished they are provided a userid and password to access the "subscription" based webpage.

Is there something really simple here that I am missing?  Perhaps I am approching this from the wrong angle.

Art
0
 

Expert Comment

by:tmetzger
ID: 1827802
I believe that most systems of this type maintain a database of users
and passwords that is completely separate from the one maintained by the
system.  The user specifies his/her subscription username and enters the
subscription password, rather than the system username/password.  That way, security risks are confined to the scope of your web site.

Perl lets you manage access with a DBM file full of users/passwords.  I haven't done it myself, but I know it can be done.
0
 
LVL 4

Expert Comment

by:furu
ID: 1827803
Also with IIS 3.0 you can use ASP to manage user-databases very easily. But take care to download the patch from Microsoft, or anyone could read your passwords.
0
 

Expert Comment

by:matisse
ID: 1827804
We have looked at a similar problem - on UNIX servers it is easy, the user file used can be completly different from the one for "rea" user accounts.

Under NT, you really should look into using a different web server instead of the MS one - O'Reilly's Website or Netscape's server both allow this seperate user file.
0
 
LVL 2

Accepted Solution

by:
igroove earned 200 total points
ID: 1827805
Use PerlWin32...And they've got a module called Win32::NetAdmin in which (direct manual quote):

UserCreate($server, $userName, $password,$passwordAge,$privilege,$homeDir, $comment, $flags, $scriptPath)

$server
The name of the server

$userName
The name of the new user.

$password
The users password

$PasswordAge
Time before password expires.

$privilege
The Privileges of the new user(see below for options)

$homeDir
The home directory of the user.

$comment
A relevant comment about the user.

$flag
A flag controlling user creation (see below for options)

$scriptPath
Pathname of the login script. Creates a user on server with password, passwordAge, privilege,homeDir, comment, flags, and scriptPath

$Privilege options:
USER_PRIV_MASK
USER_PRIV_GUEST
USER_PRIV_USER
USER_PRIV_ADMIN

$flag options:
UF_TEMP_DUPLICATE_ACCOUNT
UF_NORMAL_ACCOUNT
UF_INTERDOMAIN_TRUST_ACCOUNT
UF_WORKSTATION_TRUST_ACCOUNT
UF_SERVER_TRUST_ACCOUNT
UF_MACHINE_ACCOUNT_MASK
UF_ACCOUNT_TYPE_MASK
UF_DONT_EXPIRE_PASSWD
UF_SETTABLE_BITS
UF_SCRIPT
UF_ACCOUNTDISABLE
UF_HOMEDIR_REQUIRED
UF_LOCKOUT
UF_PASSWD_NOTREQD
UF_PASSWD_CANT_CHANGE

UserDelete($server, $user)

$server
The name of the server.

$user
The name of the user to delete.

Deletes a user from server

And an example:

       use Win32::NetAdmin;
       # set info for the user.
       $userName = 'TestUser';
       $password = '';
       $passwordAge = 0;
       $privilege = USER_PRIV_USER;
       $homeDir = 'c:\\';
       $comment = 'This is a test user';
       $flags = UF_SCRIPT;
       $scriptpath = 'C:\\';
       $groupName = 'TestGroup';
       $groupComment = "This is a test group";
       Win32::NetAdmin::UserCreate('', $userName,
                              $password,
                              $passwordAge,
                              $privilege,
                              $homeDir,
                              $comment,
                              $flags,
                              $scriptpath) || print "not ";
   
       Win32::NetAdmin::UserGetAttributes('',$userName,
                              $Getpassword,
                              $GetpasswordAge,
                              $Getprivilege,
                              $GethomeDir,
                              $Getcomment,
                              $Getflags,
                              $Getscriptpath) || warn();

       ($password eq $Getpassword) || warn();
       ($passwordAge == $GetpasswordAge) || warn();
       ($homeDir eq $GethomeDir) || warn();
       ($comment eq $Getcomment) || warn();
       ($flags == ($Getflags&USER_PRIV_MASK)) || warn();
       ($scriptpath eq $scriptpath) || warn();

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
In this tutorial I will show you how to provide a dynamic RTF document on your website generated with data from your database. For this tutorial you will need Microsoft Word or WordPad, WhizBase and Microsoft Access. In this tutorial I will show …
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question