Linux Administration Web Scripts

Posted on 2004-11-24
Last Modified: 2013-12-15
I have read in several places on this board that it is possible using PERL scripting to write a web page to allow a user to change their password via the internet.  Typically in these same posts, most people recommend not offering this solution because it loosens the security of the server up.  Also, in these posts people sometimes recommend using Plesk or CPanel for web administration.  What I can't figure out is how it is determined that these web admin tools are any securer than a web based password administration tool as from everything that I read, both Plesk and CPanel essentially change the web roots file permissions to 777.  I would think that this would loosen security even more than a simple web based password administration script?  Am I correct here or am I missing something?
Question by:caplinktech
    LVL 10

    Assisted Solution

    No, you're completely right. Its more of holding on to "esoteric knowledge," but CPanel is no more secure than any other method.
    LVL 19

    Expert Comment

    you can use webmin to allow change passwords of users:

    Author Comment

    The Webmin concept I believe goes back to my original point in that it is no more secure than a custom coded PERL script and in fact in many ways it is probably much less secure.
    LVL 3

    Accepted Solution

    Anytime you allow users passwords to be changed from a web browser you are putting your system at risk, because you are correct you must enable specific files to be world readable and writable by anyone and the script must by run by root or a sudo user. Although it is fairly simple to do, and I have written a script myself to do this, 98% of all systems admins and perl programmers recommend against it. If you have looked at CPANEL, you have probably also seen that it is notorious for being explotable. If you are looking for a recommendation of which is better, I would suggest Plesk over any of them as it has not had any known exploitable holes that I can think of in my experience. I have worked with it in the past, as well as CPANEL, and it (Plesk) is much nicer. The bad part about it is in the Web Hosting business a web based control panel is a must in order to be competitive. My recommendation would be to use Plesk or to do all administration from the system itself by the admin. This is just my.02.


    Expert Comment

    I would suggest using usermin, which allows users less access to the system to change their passwords. It is more secure than webmin is if you want to allow anyone to use it to modify their passwords. I personally like usermin because it works seemlessly with our NIS authentication and shadow passwords. You can download it from

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
    Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
    Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now