Solved

Using chpasswd in php scritp

Posted on 2004-08-26
13
1,613 Views
Last Modified: 2012-06-21
Hi experts..

I wrote a php script that runs chpasswd command  on my linux server. The problem is when i run the script via http, the error_log shows this:

[Thu Aug 26 08:42:35 2004] [error] [client 63.245.101.12] (13)Permission denied: file permissions deny server access: /home/web/chpass.html

I know i have to use sudo to let this work, but i don't know how to do this.

Can somebody explain me how?..

I'm using two files: chpass.html that contains a form with user and password, and chpass.php that executes chpasswd command.

Thanks.
0
Comment
Question by:rbraym
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
13 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 11904749
does the the user that runs the webserver has access to that file ??
what is the output of
ls -la  /home/web/chpass.html

try a
chmod +r  /home/web/chpass.html
0
 

Author Comment

by:rbraym
ID: 11904832
Sorry.. tha was before i set the correct permissions.

The error is :

chpasswd: can't lock password file.

0
 
LVL 48

Expert Comment

by:hernst42
ID: 11905798
chpasswd is only supposed to be run only as root
-rwxr-xr-x    1 root     root        23000 2002-09-10 21:13 /usr/sbin/chpasswd
-rwsr-xr-x    1 root     shadow      68680 2002-09-10 21:13 /usr/bin/passwd

and has no s-bit set. So only root can change the passwd via chpasswd.
call sudo chpasswd
edit in /etc/sudoers:
wwwrun  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd
so wwwrun is allowed to call chpasswd vi sudo and is not asked for a password
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 

Author Comment

by:rbraym
ID: 11906968
sorry but i'm a little confused....

If i want my script runs properly and execute chpasswd, what should i do???.

Remeber that users browse chpass.html which calls chpasswd.php.

Thanks
0
 
LVL 48

Expert Comment

by:hernst42
ID: 11907202
how do you call chpasswd in your php-script ??
instead of executing chpasswd do sudo chpasswd

chpasswd does not check for an old password, just sets the password for the given user and the choosen password
0
 

Author Comment

by:rbraym
ID: 11907252
chpass.php:

<?php
//get the variables
$name = $_GET["user"];
$pass = $_GET["newpass"];

//create a file with those
$file = @fopen("pass.dat","w");
fputs($file,$name.":".$pass);

//Launch the command:
shell_exec('cat pass.dat | chpasswd');
echo "<b>DONE!!<b>";
0
 
LVL 48

Expert Comment

by:hernst42
ID: 11907357
replace the
//Launch the command:
shell_exec('cat pass.dat | chpasswd');

with
//Launch the command:
shell_exec('cat pass.dat | sudo chpasswd');

(after you have modified the /etc/sudoers file with the line first posted. Where do you do the check that the user is allowed to change the password for that account, else you system may be compromised very soon.
0
 

Author Comment

by:rbraym
ID: 11907423
now i get these message in error_log:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
0
 
LVL 48

Expert Comment

by:hernst42
ID: 11907527
use the absolute path to chpasswd in shell_exec then you sould not need to type the password. I assumed that the PHP-script is executed as user wwwrun

shell_exec('cat pass.dat | sudo /usr/sbin/chpasswd');
0
 

Author Comment

by:rbraym
ID: 11907609
nope..i'm still getting same error:

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt

the chpass.php script run as user ancar:

3424374 -rwxrwxrwx    1 ancar    apache        265 Aug 26 16:03 /home/web/chpass.php

what can it be?
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 50 total points
ID: 11907845
The the /etc/sudoes must contain the line

ancar  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd

or look at the log, the sudo call is logged there an so you should be able to get the user name and put that username into the /etc/sudoers
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question