Not the more secure solution but should do the trick: I will assume that your webserver is run as apache.apache
Make a copy of passwd and call it (for example) apache_passwd execute the following as root: $>chown root.apache apache_passwd $>chmod u+rwxs,g+rwx,o-rwx Notice the "s" in the u+. This sets the sticky bit or (Set UID) for the program meaning that when the program runs it will execute with the privs of the owner (root). Now since your are running the webserver in the group "apache" we set the group to be apache and give "rwx" to the group. We also make sure nobody else can run the program "o-rwx". The problem that you will still have is that *ANY* script run on the webserver *COULD* execute apache_passwd and change anyones password but it is much beter than running the webserver as root. Just remember that someone could change the root password then gain access to your server and lock you out. I'm sure there are better solutions but this will work. There is a module for SquirrelMail (IMAP Webmail Client) that supports password changing. I can't remember how they did it though. Serge. In article <004401c2c3d6$8a380520$e0dffb0c@mntkz>, "Mantas Kriauciunas" <[EMAIL PROTECTED]> wrote: > Hey! > Thanks for reply. > > Well hmm.. is there any way to open some socket and log in with other > account or something like that? I mean use IE or other browser but the > main point is to log in with different account and change the password. > User can change password of their own not only root can change it. > > And what I need this script for, is, not everyone knows how to use ssh > and I don't want to give access to 50 users that can run their > processes, my server will freeze. That's why I need to change it somehow > different, what about loging in with root and changing passwords, but > now again how to open connection to sshd. > > By your reply I can guess that you state that there is no chanse..and if > there is it will be big security hole. > > :/ > > thnx again > > -mNTKz > > -----Original Message----- > From: Tom Woody [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 > 12:03 PM To: Mantas Kriauciunas > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] SSH change password! > > The one problem and serious security risk you will be introducing is > that if you run passwd as an unprivliged user you can only change the > password of the user you are running it as. Therefore, the webserver > would be running as apache, so the only password it could change would > be for user apache. > > To get passwd to change any password it has to be run as root, therefore > you would need to run the webserver as root. You would be opening a > serious pandora's box with that option. > > Since your users have access to the server through a shell account > (otherwise why bother with user accounts), you would be better served by > PuTTY or another ssh client that the users change their passwords by > logging in to the shell account. > > On Fri, 24 Jan 2003 11:48:50 -0600 > "Mantas Kriauciunas" <[EMAIL PROTECTED]> wrote: > >> Hey! >> >> I was wondering with what command do you execute shell commands? >> >> What I need is to change users password on the server, I want to write >> that script and it needs to be safe. So I don't know what should I use. >> I think I will need to check username and password, then log in through >> website with it and then use passwd command on that user to change the >> password. Or maybe I am wrong, I never done something like that. >> >> Thanks for any info! >> >> -mNTKz >> >> >> >> -- >> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: >> http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
