LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-08-2009, 12:11 AM   #1
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Rep: Reputation: 14
Exclamation Resetting user passwords through php web page


Hi All Linux Experts

We are using LDAP for user authentication & I have set a policy that the password expires after 45 days.

But when the password expires users have to request me to set up & now the problem is all the users want a Web page through which they can change or reset their passwords.

I have discovered "expect" tool which can run in background for resetting LDAP passwords but I know very little about PHP so please help me to make a secure front end in PHP.


Thanks in Advance
Sushant Chawla
Linux Administrator
 
Old 07-08-2009, 01:43 AM   #2
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
Design a form that will submit the username value using get or post method.

Get that username and set the password using system() function in php.

Make sure the script doesnt set root password inadvertently. Also parse the username input so that no other system command is executed.

This would be enough to deploy in secured private network.....
 
Old 07-08-2009, 02:04 AM   #3
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Original Poster
Rep: Reputation: 14
Quote:
Originally Posted by suhas! View Post
Design a form that will submit the username value using get or post method.

Get that username and set the password using system() function in php.

Make sure the script doesnt set root password inadvertently. Also parse the username input so that no other system command is executed.

This would be enough to deploy in secured private network.....

Hi Suhas

Firstly thanks for the reply. Please tell me how to use system function & currently i am issuing the command like this in action.php page
`sudo /changepasswd $username $password`

but it is saying you must have tty to set the password. The webserver user is apache & I have given apache user sudo access to run this script.

Secondly when I run this script manually from apache user sudo -u apache /changepasswd it is saying only root user can set the user password.
 
Old 07-09-2009, 12:57 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,264

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Quote:
sudo -u apache /changepasswd
that's telling it to run the cmd as apache, which is the very thing you don't want.
When you call sudo, it knows who you are calling it as ....
 
Old 07-09-2009, 02:02 AM   #5
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Original Poster
Rep: Reputation: 14
Quote:
Originally Posted by chrism01 View Post
that's telling it to run the cmd as apache, which is the very thing you don't want.
When you call sudo, it knows who you are calling it as ....
No I want the apache user to run this command & i have given it the permissions in sudo too. If the apache user can't run this command then how can we change password from web page?
 
Old 07-09-2009, 03:46 PM   #6
apt-shawn
LQ Newbie
 
Registered: Jul 2009
Location: Atlantic, IA, USA
Distribution: Debian and Mint
Posts: 12

Rep: Reputation: 1
sushantchawla2005,

Have you ever looked at webmin?

http://www.webmin.com.

Shawn

Last edited by apt-shawn; 07-09-2009 at 03:55 PM.
 
Old 07-09-2009, 11:19 PM   #7
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Original Poster
Rep: Reputation: 14
Yes I am using webmin but I want that every body can reset his/her password but giving the access through webmin will disclose many other configurations of my servers to everybody.

Isn't it?
 
Old 07-10-2009, 01:16 AM   #8
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
Hi sushant,

instead of doing following thing in bash prompt --
sudo -u apache /changepasswd username password


Do this thing --

su -l apache -c sudo /changepasswd username password


That will actually test if apache user can sudo or not....
 
Old 07-10-2009, 03:13 AM   #9
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Original Poster
Rep: Reputation: 14
Suhas

Its running but giving the error
passwd: only root can specify a user name

I have given the following entry in sudoers

apache ALL=(ALL) NOPASSWD: ALL

Please helppp
 
Old 07-10-2009, 08:22 AM   #10
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
* Comment out following line in visudo


#Defaults requiretty


* Allow Apache user to execute command via sudo in visudo

apache ALL=(ALL) NOPASSWD: ALL


* Execute following command


[root@www ~]# su -l apache -s /bin/bash -c "sudo passwd suhas"
Changing password for user suhas.
New UNIX password:



Later you can tighten the security by allowing only passwd command to apache user
Regards,

Last edited by suhas!; 07-10-2009 at 08:24 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
resetting passwords in Ubuntu nm_pepper Linux - General 4 03-03-2008 05:51 AM
Resetting passwords of other users without being Root Julix Linux - General 6 08-17-2007 05:30 PM
drawing line in php on web page pranith Programming 6 06-21-2005 04:14 AM
Setting a web page with php! mithras Linux - General 14 07-25-2003 03:25 PM
LQ user web page born4linux LQ Suggestions & Feedback 5 02-19-2003 04:46 PM


All times are GMT -5. The time now is 11:17 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration