Posted by Colin McKinnon on 01/02/06 00:27
4site wrote:
>
> I'd like to write a short PHP script that will allow users to alter
> their virtual server password
WTF is a 'virtual server password'?
> via a secure web form. I had hoped that
> I might be able to call the shell passwd command from PHP, something
> like this:
>
> exec( "passwd -O $oldpassword -P $newpassword $username" );
>
OK, I guess you mean the Unix/Linux password, probably via PAM.
To change *any* password, you need to be root to have enough permission -
and you need to keep root well separated from your web server. It is
possible - but honestly - I just would not go there. If you only want to
allow validated users to change their own passwords, then life's a lot
simpler and safer (but still - make sure you understand the implications).
Use proc_open to run su -c passwd $username@localhost (or ssh
user@localhost, followed by passwd).
Alternatively write your own program in C using the PAM libs and set it to
run setuid root (not recommended).
> but of course that doesn't seem to work.
>
> Is it possible to execute the passwd command silently, ie without the
> shell prompting (twice) for New Password?
No. There are variants - don't use them.
> Or should I be looking in
> another direction altogether - perhaps by editing the
> /usr/local/etc/passwd file instead, yes?
>
Not a good idea.
C.
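
The quoted exec() line puts both passwords on a shell command line, where they are open to shell interpretation and visible in the process list. The following is an added example, not code from this thread, of calling a child process through proc_open without a shell and with the secrets sent over stdin. It assumes PHP 7.4 or later; the helper path, the function name and the sample input are hypothetical.

```php
<?php
// Added example, not from the thread. HELPER is a hypothetical program that
// reads "old password\nnew password\n" on stdin and changes the password of
// the account named in its single argument.
const HELPER = '/usr/local/libexec/change-own-password'; // hypothetical path

function change_password(string $user, string $old, string $new): bool
{
    // Accept only conservative login names, so the value can never be
    // taken for an option ("-x") or carry shell metacharacters.
    if (!preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $user)) {
        return false;
    }
    // A newline or NUL inside a password would add or truncate a line
    // in what the helper reads from stdin.
    if ($old === '' || $new === '' || preg_match('/[\r\n\0]/', $old . $new)) {
        return false;
    }
    $spec = [
        0 => ['pipe', 'r'],               // child's stdin: secrets go here
        1 => ['file', '/dev/null', 'w'],  // discard the child's output
        2 => ['file', '/dev/null', 'w'],
    ];
    // The array form (PHP 7.4+) executes the program directly, without a
    // shell. The passwords are not part of argv and the child gets an
    // empty environment.
    $proc = proc_open([HELPER, $user], $spec, $pipes, '/', []);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], $old . "\n" . $new . "\n");
    fclose($pipes[0]);
    // Only exit status 0 from the helper counts as success.
    return proc_close($proc) === 0;
}

// Constructed input: fails the login-name check, so no process is started.
var_dump(change_password('alice; id', 'old-secret', 'new-secret'));
```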