  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1666

Using chpasswd in PHP script

Hi experts..

I wrote a PHP script that runs the chpasswd command on my Linux server. The problem is that when I run the script via HTTP, the error_log shows this:

[Thu Aug 26 08:42:35 2004] [error] [client 63.245.101.12] (13)Permission denied: file permissions deny server access: /home/web/chpass.html

I know I have to use sudo to make this work, but I don't know how to do this.

Can somebody explain to me how?

I'm using two files: chpass.html, which contains a form with user and password, and chpass.php, which executes the chpasswd command.

Thanks.
Asked by: rbraym
1 Solution
 
hernst42 Commented:
Does the user that runs the webserver have access to that file?
What is the output of
ls -la /home/web/chpass.html

Try a
chmod +r /home/web/chpass.html
 
rbraym (Author) Commented:
Sorry.. that was before I set the correct permissions.

The error is :

chpasswd: can't lock password file.

 
hernst42 Commented:
chpasswd is only supposed to be run as root:
-rwxr-xr-x    1 root     root        23000 2002-09-10 21:13 /usr/sbin/chpasswd
-rwsr-xr-x    1 root     shadow      68680 2002-09-10 21:13 /usr/bin/passwd

It has no s-bit set, so only root can change the password via chpasswd.
Call sudo chpasswd.
Edit in /etc/sudoers:
wwwrun  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd
so wwwrun is allowed to call chpasswd via sudo and is not asked for a password.
 
rbraym (Author) Commented:
Sorry, but I'm a little confused....

If I want my script to run properly and execute chpasswd, what should I do?

Remember that users browse chpass.html which calls chpasswd.php.

Thanks
 
hernst42 Commented:
How do you call chpasswd in your PHP script?
Instead of executing chpasswd, do sudo chpasswd.

chpasswd does not check for an old password; it just sets the chosen password for the given user.
 
rbraym (Author) Commented:
chpass.php:

<?php
// Get the variables
$name = $_GET["user"];
$pass = $_GET["newpass"];

// Create a file with those
$file = @fopen("pass.dat","w");
fputs($file,$name.":".$pass);
fclose($file); // close the file so the data is on disk before chpasswd reads it

//Launch the command:
shell_exec('cat pass.dat | chpasswd');
echo "<b>DONE!!</b>";
?>
 
hernst42 Commented:
Replace the
//Launch the command:
shell_exec('cat pass.dat | chpasswd');

with
//Launch the command:
shell_exec('cat pass.dat | sudo chpasswd');

(after you have modified the /etc/sudoers file with the line first posted). Where do you do the check that the user is allowed to change the password for that account? Otherwise your system may be compromised very soon.
 
rbraym (Author) Commented:
Now I get this message in error_log:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
 
hernst42 Commented:
Use the absolute path to chpasswd in shell_exec; then you should not need to type the password. I assumed that the PHP script is executed as user wwwrun.

shell_exec('cat pass.dat | sudo /usr/sbin/chpasswd');
 
rbraym (Author) Commented:
Nope.. I'm still getting the same error:

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt

The chpass.php script runs as user ancar:

3424374 -rwxrwxrwx    1 ancar    apache        265 Aug 26 16:03 /home/web/chpass.php

What can it be?
 
hernst42 Commented:
Then the /etc/sudoers must contain the line

ancar  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd

Or look at the log: the sudo call is logged there, and so you should be able to get the user name and put that username into the /etc/sudoers.
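
Added example, not part of the thread and not any participant's code: one way to add the check hernst42 asks about (is this user allowed to change the password for that account?) before the privileged command runs, and to pass the pair to chpasswd on stdin instead of through pass.dat and a shell pipeline. The $_SESSION['user'] login state, the function names and the 8-character minimum are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed (hypothetical): a login page stored the
// account name in $_SESSION['user']; sudoers allows /usr/sbin/chpasswd for the web user.

// Returns an error string, or null when the request may proceed.
function validate_request($sessionUser, $user, $pass): ?string
{
    if (!is_string($sessionUser) || !is_string($user) || !is_string($pass)) {
        return 'malformed request';
    }
    // Authorization: a logged-in user may change only their own password.
    if ($sessionUser === '' || $user !== $sessionUser) {
        return 'not authorized for this account';
    }
    // Conservative account-name pattern (\A..\z, so no trailing newline); never root.
    if ($user === 'root' || !preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $user)) {
        return 'invalid account name';
    }
    // chpasswd reads one "user:password" pair per line: reject control characters.
    if (strlen($pass) < 8 || preg_match('/[\x00-\x1F\x7F]/', $pass)) {
        return 'invalid password';
    }
    return null;
}

// Sends the pair to chpasswd on stdin: no pass.dat on disk, no shell involved.
function run_chpasswd(string $user, string $pass): bool
{
    $cmd  = ['sudo', '-n', '/usr/sbin/chpasswd']; // -n: fail rather than prompt
    $spec = [0 => ['pipe', 'r'], 1 => ['file', '/dev/null', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);       // array form requires PHP 7.4+
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], $user . ':' . $pass . "\n");
    fclose($pipes[0]);
    return proc_close($proc) === 0;
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $user  = $_POST['user'] ?? null;
    $pass  = $_POST['newpass'] ?? null;
    $error = validate_request($_SESSION['user'] ?? '', $user, $pass);
    if ($error === null && !run_chpasswd($user, $pass)) {
        $error = 'password change failed';
    }
    http_response_code($error === null ? 200 : 400);
    echo $error === null ? 'Password changed.' : htmlspecialchars($error);
}
```

Because the sudoers line in the thread lets the web server's user set any account's password, the checks in validate_request are the only thing limiting which account a request can touch.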