Solved

change password program in www

Posted on 2001-08-10
Last Modified: 2012-06-22
Any free script for changing the password of a Linux server using a web interface?

I need a secure script which is CGI or PHP.

Or can you suggest how to write one?
Question by:stanleyhuen
18 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6374126
http://www.webmin.com/
(probably oversized for simply changing passwords, but secure)
0
 
LVL 14

Expert Comment

by:xberry
ID: 6375520
Hi,

I've been to that www.webmin.com site some while ago &
went through the program description of webmin.
Gee, that's a giant thing. Anything it CAN'T do for you ?
(Apart from making a real good cup of tea ?)
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6375659
There's an example of a password changing web app in the examples directory of Expect. I modified the example rather heavily to make it more universal and reliable and I'd be glad to share the code if you'll send an email to jim@entrophy-free.net referencing this question. Of course to do it securely you need an SSL enabled web server to protect the password from prying eyes.
0
 

Author Comment

by:stanleyhuen
ID: 6377677
I have sent you a mail, can you send your program to me?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 70 total points
ID: 6385266
I've sent the files, let me know if you don't get them.
0
 

Author Comment

by:stanleyhuen
ID: 6392064
I have got it, thanks.

I have used it, but there is a problem.

I have created a shell "/bin/nobash" which will simply exit for my clients (I use this shell to prevent clients from using telnet while still allowing ftp).
When they use this passwd.cgi to change their password, they fail.

Do you know how I can create a "shell" that lets my clients change their password only, but not run other commands?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6392644
How about using /usr/bin/passwd instead of /bin/nobash in /etc/passwd?
This disables shell logins because passwd is not a shell, but allows the users to use ftp. If /usr/bin/passwd is listed in /etc/shells, you can telnet (but I recommend ssh for security reasons) to your box and then just change their passwd.
0
 

Author Comment

by:stanleyhuen
ID: 6393482
After I changed /bin/nobash to /usr/bin/passwd,
I tried to change the password, but:
Passwd Change Acknowledgment
Error: passwd: bad argument -c: unknown option

The code is something like this:
#spawn /bin/su $var(name) -c "/bin/passwd -r files $var(name)"
spawn /bin/su $var(name) -c "/usr/bin/passwd"

sleep 1
expect {
    "Unknown (login|id):" {
        errormsg "unknown user: $var(name)"
        exit
    } -re "(.*) does not exist" {
        errormsg "unknown user: $var(name)"
        exit
    } default {
        errormsg "$expect_out(buffer)"
        exit
    } "Password:"
}
send "$var(old)\r"
sleep 1



How can I solve this?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6393908
oops, didn't know of jlevie's script.
My suggestion is independent of this script, please read my comment again (the change is in  /etc/passwd  !)
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6394049
What version of Linux are you using? And I don't understand what you mean by  'after i change the /bin/nobash to /usr/bin/passwd,'. Where was that change done? If you were changing a user's shell in /etc/passwd, you need to have changed /bin/nobash to /bin/bash. If, in fact, the user in question has something other than /bin/bash, bin/tch, etc. (i.e., they don't have a valid shell), you'll get that error from the password changing script.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6394342
jlevie, stanleyhuen, the shell should be changed in /etc/passwd to /usr/bin/passwd for those users who are not allowed to log in but may change their password via passwd.cgi.
The expect script for these users looks like:

spawn /bin/su $var(name)
sleep 1
expect {
     -re "(.*) does not exist" {
         errormsg "unknown user: $var(name)"
         exit
      } "Old Password:" {
         send "$var(old)\r"
         expect {
              "New Password:" {
                 send "$var(new)\r"
              } default {
                 errormsg "$expect_out(buffer)"
                 exit
              }
         }
         # some more expect { .. } here,
         # probably also some more error checks
      } default {
         errormsg "$expect_out(buffer)"
         exit
      }
}
send "$var(new)\r"
sleep 1

# feel free to mix both expect scripts (jlevie's and mine), or provide different links for users with valid (/bin/bash) and invalid logins (/usr/bin/passwd)
0
 

Author Comment

by:stanleyhuen
ID: 6396321
ahoffmann,
it works!

# feel free to mix both expect scripts (jlevie's and mine), or provide different links for users with
valid (/bin/bash) and invalid logins (/usr/bin/passwd)

But it is not user-friendly to do this, as the user doesn't know what his shell is!

Is it possible for the script to check the shell of the user and then decide to run:
1.
spawn /bin/su $var(name)
2.
spawn /bin/su $var(name) -c "/usr/bin/passwd"


ie.

if "/usr/bin/passwd" then
run 1
else
run 2
fi

I haven't written any expect script before.

Thank you very much.



0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6396377
set fid [open "/etc/passwd"]
set all [read $fid]
close fid
foreach line [split $all \n\r] {
   if [regexp "/usr/bin/passwd$" $line] {
      set login_user = 0
   } else {
      set login_user = 1
   }
   # loop to be improved ;-)
}
if [ $login_user == 1 ] {
   # spawn 1
} else {
   # spawn 2
}
0
 

Author Comment

by:stanleyhuen
ID: 6398461
When I follow the script, it seems to have some problem in
set fid [open "/etc/passwd"]
set all [read $fid]
close fid

Can you help? Or provide some links to learn this script?

Thank you very much
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6398854
should be
  close $fid
sorry for typo
0
 

Author Comment

by:stanleyhuen
ID: 6399721
Sorry, the following doesn't work either!

foreach line [split $all \n\r] {
  if [regexp "/usr/bin/passwd$" $line] {
     set login_user = 0
  } else {
     set login_user = 1
  }
  # loop to be improved ;-)
}
if [ $login_user == 1 ] {
   spawn /bin/su $var(name) -c "/usr/bin/passwd"
} else {
   spawn /bin/su $var(name) }


I tried to find out what the problem is, but failed to make it work.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6400181
should stop answering after 8pm ..
here again (tested!):

set fid [open "/etc/passwd"]
set all [read $fid]
close $fid
foreach line [split $all \n\r] {
  if [regexp "/usr/bin/false$" $line] {
     set login_user 0
  } else {
     set login_user 1
  }
  if [regexp -- "^$user:" $line] {
     # $user  is user who called this script
     set ll $line
     break
  }
  # loop to be improved ;-)
}
if { $login_user == 1 } {
  # spawn 1
} else {
  # spawn 2
}
0
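A stricter form of the shell lookup discussed in this thread, as an added example that is not code from any of the posters: it splits each passwd line into fields, compares the account name exactly, and refuses names that are not plain account names before they reach `su`. The procedure names `shell_for_user` and `su_args_for`, the name pattern and the sample passwd text are assumptions made for the illustration.

```tcl
# Added example: exact-match lookup of a user's login shell in passwd(5) text.
# CONSTRUCTED sample data; a real script would read /etc/passwd instead.
set sample_passwd "root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001::/home/bob:/usr/bin/passwd
bobby:x:1002:1002::/home/bobby:/bin/bash
# comment line
broken-line-without-fields"

# Return the 7th field (login shell) for exactly $user, or raise an error.
proc shell_for_user {passwd_text user} {
    # Reject anything that is not a plain account name before using it.
    # (Pattern is an assumption; adjust to the site's naming policy.)
    if {![regexp {^[a-z_][a-z0-9_-]{0,31}$} $user]} {
        error "invalid user name"
    }
    foreach line [split $passwd_text "\n"] {
        set fields [split [string trimright $line "\r"] ":"]
        if {[llength $fields] != 7} { continue }
        # string equal compares the whole field: "bob" never matches "bobby"
        if {[string equal [lindex $fields 0] $user]} {
            return [lindex $fields 6]
        }
    }
    error "unknown user: $user"
}

# Map the shell to the argument list for spawn, as in the thread:
# shell /usr/bin/passwd -> plain su; any other shell -> su -c /usr/bin/passwd.
proc su_args_for {passwd_text user} {
    set shell [shell_for_user $passwd_text $user]
    if {$shell eq "/usr/bin/passwd"} {
        return [list /bin/su $user]
    }
    return [list /bin/su $user -c /usr/bin/passwd]
}

# Exercise the lookup on the constructed data, including a hostile name.
foreach u {bob bobby "bob;id" nobody} {
    if {[catch {su_args_for $sample_passwd $u} result]} {
        puts "$u -> refused ($result)"
    } else {
        puts "$u -> $result"
    }
}
```

In an Expect script the returned list can be passed on with `eval spawn [su_args_for $all $var(name)]`, where `$all` is the file content read as in the post above.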
 

Author Comment

by:stanleyhuen
ID: 8335140
Hi experts,

I have encountered a problem in migrating the change password program to a new Linux server.

Can you help to solve it?

http://www.experts-exchange.com/Operating_Systems/Linux/Q_20583196.html

Thank you.

Stanley
0
