Linux Administration Web Scripts

Posted on 2004-11-24
Medium Priority
Last Modified: 2013-12-15
I have read in several places on this board that it is possible using PERL scripting to write a web page to allow a user to change their password via the internet.  Typically in these same posts, most people recommend not offering this solution because it loosens the security of the server up.  Also, in these posts people sometimes recommend using Plesk or CPanel for web administration.  What I can't figure out is how it is determined that these web admin tools are any securer than a web based password administration tool as from everything that I read, both Plesk and CPanel essentially change the web roots file permissions to 777.  I would think that this would loosen security even more than a simple web based password administration script?  Am I correct here or am I missing something?
Question by:caplinktech
LVL 10

Assisted Solution

NetworkArchitek earned 400 total points
ID: 12671805
No, you're completely right. Its more of holding on to "esoteric knowledge," but CPanel is no more secure than any other method.
LVL 19

Expert Comment

ID: 12672785
you can use webmin to allow change passwords of users:

Author Comment

ID: 12675651
The Webmin concept I believe goes back to my original point in that it is no more secure than a custom coded PERL script and in fact in many ways it is probably much less secure.

Accepted Solution

cyb3rj0hn earned 1600 total points
ID: 12678959
Anytime you allow users passwords to be changed from a web browser you are putting your system at risk, because you are correct you must enable specific files to be world readable and writable by anyone and the script must by run by root or a sudo user. Although it is fairly simple to do, and I have written a script myself to do this, 98% of all systems admins and perl programmers recommend against it. If you have looked at CPANEL, you have probably also seen that it is notorious for being explotable. If you are looking for a recommendation of which is better, I would suggest Plesk over any of them as it has not had any known exploitable holes that I can think of in my experience. I have worked with it in the past, as well as CPANEL, and it (Plesk) is much nicer. The bad part about it is in the Web Hosting business a web based control panel is a must in order to be competitive. My recommendation would be to use Plesk or to do all administration from the system itself by the admin. This is just my.02.


Expert Comment

ID: 13113669
I would suggest using usermin, which allows users less access to the system to change their passwords. It is more secure than webmin is if you want to allow anyone to use it to modify their passwords. I personally like usermin because it works seemlessly with our NIS authentication and shadow passwords. You can download it from http://www.webmin.com/index6.html

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month16 days, 6 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question