change password program in www

any free script to changing password of linux server using web interface?

I need a secure script which is cgi or php.

or can you suggest me how to write?
stanleyhuenAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
jlevieConnect With a Mentor Commented:
I've sent the files, let me know if you don't get them.
0
 
ahoffmannCommented:
http://www.webmin.com/
(probably oversized for simply changing passwords, but secure)
0
 
xberryCommented:
Hi,

I've been to that www.webmin.com site some while ago & 
went through the program description of webmin.
Gee, that's a giant thing. Anything it CAN'T do for you ?
(Apart form making a real good cup of tea ?)
0
Build your data science skills into a career

Are you ready to take your data science career to the next step, or break into data science? With Springboard’s Data Science Career Track, you’ll master data science topics, have personalized career guidance, weekly calls with a data science expert, and a job guarantee.

 
jlevieCommented:
There's an example of a password changing web app in the examples directory of Expect. I modified the example rather heavily to make it more universal and reliable and I'd be glad to share the code if you'll send an email to jim@entrophy-free.net referencing this question. Of course to do it securely you need an SSL enabled web server to protect the password from prying eyes.
0
 
stanleyhuenAuthor Commented:
I have sent u a mail, can u send ur program to me?
0
 
stanleyhuenAuthor Commented:
I have got it, thx.

I have used it, but there is a problem.

I have created a shell "/bin/nobash" which will simply exit for my clients ( i use this shell so as to disable client to use telnet but ftp).
When they use this passwd.cgi to change password, they failed.

do u know how can i create a "shell" that enable my clients to change password only but not other commands?
0
 
ahoffmannCommented:
how about using  /usr/bin/passwd  instead of /bin/nobash  in /etc/passwd ?
This diables shell logins 'cause passwd is not a shell, but alows the users to use ftp. If /usr/bin/passwd is listed in /etc/shells, you can telnet (but I recommend ssh for security reason) to your box and then just change their passwd.
0
 
stanleyhuenAuthor Commented:
after i change the /bin/nobash to /usr/bin/passwd,
I tried to change passwd, but:
Passwd Change Acknowledgment
Error: passwd: bad argument -c: unknown option

the code is sth like that:
#spawn /bin/su $var(name) -c "/bin/passwd -r files $var(name)"
spawn /bin/su $var(name) -c "/usr/bin/passwd"

sleep 1
expect {
    "Unknown (login|id):" {
        errormsg "unknown user: $var(name)"
        exit
    } -re "(.*) does not exist" {
        errormsg "unknown user: $var(name)"
        exit
    } default {
        errormsg "$expect_out(buffer)"
        exit
    } "Password:"
}
send "$var(old)\r"
sleep 1



how to solve this?
0
 
ahoffmannCommented:
oops, didn't know of jlevie's script.
My suggestion is independent of this script, please read my comment again (the change is in  /etc/passwd  !)
0
 
jlevieCommented:
What version of Linux are you using? And I don't understand what you mean by  'after i change the /bin/nobash to /usr/bin/passwd,'. Where was that change done? If you were changing a user's shell in /etc/passwd, you need to have changed /bin/nobash to /bin/bash. If, in fact, the user in question has something other than /bin/bash, bin/tch, etc. (i.e., they don't have a valid shell), you'll get that error from the password changing script.
0
 
ahoffmannCommented:
jlevie, stanleyhuen, the shell should be changed in /etc/passwd to /usr/bin/passwd for those users which are not allowed to login but may change their password via passwd.cgi.
The expect script for these users looks like:

spawn /bin/su $var(name)
sleep 1
expect {
     -re "(.*) does not exist" {
         errormsg "unknown user: $var(name)"
         exit
      } "Old Password:" {
         send "$var(old)\r"
         expect {
              "New Password:" {
                 send "$var(new)\r"
              } default {
                 errormsg "$expect_out(buffer)"
                 exit
              }
         # some more expect { .. } here,
         # probably also some more error checks
      } default {
         errormsg "$expect_out(buffer)"
         exit
      }
}
send "$var(new)\r"
sleep 1

# feel free to mix both expect scripts (jlebie's and mine), or provide different links for users with valid (/bin/bash) and invalid logins (/usr/bin/passwd)
0
 
stanleyhuenAuthor Commented:
ahoffmann,
it works!

# feel free to mix both expect scripts (jlebie's and mine), or provide different links for users with
valid (/bin/bash) and invalid logins (/usr/bin/passwd)

but it is not user-friendly to do this, as the user don't know what his shells!

is it possible the script check the shell of the user and then decide to run:
1.
spawn /bin/su $var(name)
2.
spawn /bin/su $var(name) -c "/usr/bin/passwd"


ie.

if "/usr/bin/passwd" then
run 1
else
run 2
fi

I haven't written any expect script before.

Thank you very much.



0
 
ahoffmannCommented:
set fid [open "/etc/passwd"]
set all [read $fid]
close fid
foreach line [split $all \n\r] {
   if [regexp "/usr/bin/passwd$" $line] {
      set login_user = 0
   } else {
      set login_user = 1
   }
   # loop to be improved ;-)
}
if [ $login_user == 1 ] {
   # spawn 1
} else {
   # spawn 2
}
0
 
stanleyhuenAuthor Commented:
When I follow the script, it seems have some problem in
set fid [open "/etc/passwd"]
set all [read $fid]
close fid

can you help? or provide some links to learn this script?

Thank you very much
0
 
ahoffmannCommented:
should be
  close $fid
sorry for typo
0
 
stanleyhuenAuthor Commented:
Sorry, the following doesn't work too!

foreach line [split $all \n\r] {
  if [regexp "/usr/bin/passwd$" $line] {
     set login_user = 0
  } else {
     set login_user = 1
  }
  # loop to be improved ;-)
}
if [ $login_user == 1 ] {
   spawn /bin/su $var(name) -c "/usr/bin/passwd"
} else {
   spawn /bin/su $var(name) }


I try to find out what is the problem, but fail to make it work.

0
 
ahoffmannCommented:
should stop answering after 8pm ..
here again (tested!):

set fid [open "/etc/passwd"]
set all [read $fid]
close $fid
foreach line [split $all \n\r] {
  if [regexp "/usr/bin/false$" $line] {
     set login_user 0
  } else {
     set login_user 1
  }
  if [regexp -- "^$user" $line] {
     # $user  is user who called this script
     set ll $line
     break
  }
  # loop to be improved ;-)
}
if { $login_user == 1 } {
  # spawn 1
} else {
  # spawn 2
}
0
 
stanleyhuenAuthor Commented:
hi experts,

I have encountered problem  in migrating the change password program to a new linux server.

Can you help to solve it?

http://www.experts-exchange.com/Operating_Systems/Linux/Q_20583196.html

Thank you.

Stanley
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.