Using chpasswd in php scritp

Hi experts..

I wrote a php script that runs chpasswd command  on my linux server. The problem is when i run the script via http, the error_log shows this:

[Thu Aug 26 08:42:35 2004] [error] [client 63.245.101.12] (13)Permission denied: file permissions deny server access: /home/web/chpass.html

I know i have to use sudo to let this work, but i don't know how to do this.

Can somebody explain me how?..

I'm using two files: chpass.html that contains a form with user and password, and chpass.php that executes chpasswd command.

Thanks.
rbraymAsked:
Who is Participating?
 
hernst42Connect With a Mentor Commented:
The the /etc/sudoes must contain the line

ancar  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd

or look at the log, the sudo call is logged there an so you should be able to get the user name and put that username into the /etc/sudoers
0
 
hernst42Commented:
does the the user that runs the webserver has access to that file ??
what is the output of
ls -la  /home/web/chpass.html

try a
chmod +r  /home/web/chpass.html
0
 
rbraymAuthor Commented:
Sorry.. tha was before i set the correct permissions.

The error is :

chpasswd: can't lock password file.

0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
hernst42Commented:
chpasswd is only supposed to be run only as root
-rwxr-xr-x    1 root     root        23000 2002-09-10 21:13 /usr/sbin/chpasswd
-rwsr-xr-x    1 root     shadow      68680 2002-09-10 21:13 /usr/bin/passwd

and has no s-bit set. So only root can change the passwd via chpasswd.
call sudo chpasswd
edit in /etc/sudoers:
wwwrun  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd
so wwwrun is allowed to call chpasswd vi sudo and is not asked for a password
0
 
rbraymAuthor Commented:
sorry but i'm a little confused....

If i want my script runs properly and execute chpasswd, what should i do???.

Remeber that users browse chpass.html which calls chpasswd.php.

Thanks
0
 
hernst42Commented:
how do you call chpasswd in your php-script ??
instead of executing chpasswd do sudo chpasswd

chpasswd does not check for an old password, just sets the password for the given user and the choosen password
0
 
rbraymAuthor Commented:
chpass.php:

<?php
//get the variables
$name = $_GET["user"];
$pass = $_GET["newpass"];

//create a file with those
$file = @fopen("pass.dat","w");
fputs($file,$name.":".$pass);

//Launch the command:
shell_exec('cat pass.dat | chpasswd');
echo "<b>DONE!!<b>";
0
 
hernst42Commented:
replace the
//Launch the command:
shell_exec('cat pass.dat | chpasswd');

with
//Launch the command:
shell_exec('cat pass.dat | sudo chpasswd');

(after you have modified the /etc/sudoers file with the line first posted. Where do you do the check that the user is allowed to change the password for that account, else you system may be compromised very soon.
0
 
rbraymAuthor Commented:
now i get these message in error_log:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
0
 
hernst42Commented:
use the absolute path to chpasswd in shell_exec then you sould not need to type the password. I assumed that the PHP-script is executed as user wwwrun

shell_exec('cat pass.dat | sudo /usr/sbin/chpasswd');
0
 
rbraymAuthor Commented:
nope..i'm still getting same error:

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt

the chpass.php script run as user ancar:

3424374 -rwxrwxrwx    1 ancar    apache        265 Aug 26 16:03 /home/web/chpass.php

what can it be?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.