Solved

Using chpasswd in php scritp

Posted on 2004-08-26
13
1,591 Views
Last Modified: 2012-06-21
Hi experts..

I wrote a php script that runs chpasswd command  on my linux server. The problem is when i run the script via http, the error_log shows this:

[Thu Aug 26 08:42:35 2004] [error] [client 63.245.101.12] (13)Permission denied: file permissions deny server access: /home/web/chpass.html

I know i have to use sudo to let this work, but i don't know how to do this.

Can somebody explain me how?..

I'm using two files: chpass.html that contains a form with user and password, and chpass.php that executes chpasswd command.

Thanks.
0
Comment
Question by:rbraym
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
13 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 11904749
does the the user that runs the webserver has access to that file ??
what is the output of
ls -la  /home/web/chpass.html

try a
chmod +r  /home/web/chpass.html
0
 

Author Comment

by:rbraym
ID: 11904832
Sorry.. tha was before i set the correct permissions.

The error is :

chpasswd: can't lock password file.

0
 
LVL 48

Expert Comment

by:hernst42
ID: 11905798
chpasswd is only supposed to be run only as root
-rwxr-xr-x    1 root     root        23000 2002-09-10 21:13 /usr/sbin/chpasswd
-rwsr-xr-x    1 root     shadow      68680 2002-09-10 21:13 /usr/bin/passwd

and has no s-bit set. So only root can change the passwd via chpasswd.
call sudo chpasswd
edit in /etc/sudoers:
wwwrun  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd
so wwwrun is allowed to call chpasswd vi sudo and is not asked for a password
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 

Author Comment

by:rbraym
ID: 11906968
sorry but i'm a little confused....

If i want my script runs properly and execute chpasswd, what should i do???.

Remeber that users browse chpass.html which calls chpasswd.php.

Thanks
0
 
LVL 48

Expert Comment

by:hernst42
ID: 11907202
how do you call chpasswd in your php-script ??
instead of executing chpasswd do sudo chpasswd

chpasswd does not check for an old password, just sets the password for the given user and the choosen password
0
 

Author Comment

by:rbraym
ID: 11907252
chpass.php:

<?php
//get the variables
$name = $_GET["user"];
$pass = $_GET["newpass"];

//create a file with those
$file = @fopen("pass.dat","w");
fputs($file,$name.":".$pass);

//Launch the command:
shell_exec('cat pass.dat | chpasswd');
echo "<b>DONE!!<b>";
0
 
LVL 48

Expert Comment

by:hernst42
ID: 11907357
replace the
//Launch the command:
shell_exec('cat pass.dat | chpasswd');

with
//Launch the command:
shell_exec('cat pass.dat | sudo chpasswd');

(after you have modified the /etc/sudoers file with the line first posted. Where do you do the check that the user is allowed to change the password for that account, else you system may be compromised very soon.
0
 

Author Comment

by:rbraym
ID: 11907423
now i get these message in error_log:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
0
 
LVL 48

Expert Comment

by:hernst42
ID: 11907527
use the absolute path to chpasswd in shell_exec then you sould not need to type the password. I assumed that the PHP-script is executed as user wwwrun

shell_exec('cat pass.dat | sudo /usr/sbin/chpasswd');
0
 

Author Comment

by:rbraym
ID: 11907609
nope..i'm still getting same error:

Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt

the chpass.php script run as user ancar:

3424374 -rwxrwxrwx    1 ancar    apache        265 Aug 26 16:03 /home/web/chpass.php

what can it be?
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 50 total points
ID: 11907845
The the /etc/sudoes must contain the line

ancar  ALL=(ALL) NOPASSWD: /usr/sbin/chpasswd

or look at the log, the sudo call is logged there an so you should be able to get the user name and put that username into the /etc/sudoers
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question