LinuxQuestions.org
Old 10-26-2014, 03:11 AM   #1
rudrarajstays
LQ Newbie
 
Registered: Nov 2008
Posts: 18

Rep: Reputation: 1
Changing local passwords (/etc/shadow) from Roundcube webmail Interface


Hi Friends,

I am having trouble changing the password of the mail users from Roundcube webmail. All the mail users on my mail server are local users (/etc/passwd, /etc/shadow).

I have enabled the password change plugin in roundcube, and config.inc.php file inside password plugin says that it uses '/usr/sbin/chpasswd' to change the passwords.

But upon trying to change the password from Roundcube, I am getting an error saying changes could not be saved.

It will be great if anyone here can help me with this one....

I found this link (http://wili.cc/blog/roundcubepw.html) but things don't seem to work.


Thanks in advance....
 
Old 11-09-2014, 12:00 PM   #2
Pearlseattle
Member
 
Registered: Aug 2007
Location: Zurich, Switzerland
Distribution: Gentoo
Posts: 999

Rep: Reputation: 142Reputation: 142
Hi
I think that it would be a major security problem if a webapp (Roundcube in your case) were allowed to change the contents of /etc/passwd resp. /etc/shadow.
Meaning that in such a case as soon as your webapp is penetrated by a cracker (and there are a lot of ways to do it) you can basically throw away your server.

Your external apps (webapps in your case) have to run with unprivileged accounts that don't have admin privileges, so that a major security breach can be contained.
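
The containment point made in the reply above can be checked on a host. The following is an added example, not part of the thread and not Roundcube code: it takes the contents of passwd and group files plus the mode and ownership of the shadow file and lists every reason the web application's account could alter it. The account name `www-data`, the `SUDO_GROUPS` list and all sample data are assumptions constructed for illustration.

```python
import stat

SUDO_GROUPS = {"sudo", "wheel"}  # assumption: groups that commonly carry sudo rights

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
)
SAMPLE_GROUP = "root:x:0:\nshadow:x:42:\nsudo:x:27:admin\nwww-data:x:33:\n"
SAMPLE_SHADOW_STAT = (0o100640, 0, 42)  # (st_mode, st_uid, st_gid) of the shadow file


def shadow_write_risks(user, passwd_text, group_text, shadow_stat):
    """Return the reasons why `user` could alter the shadow file (empty list = contained)."""
    uid = gid = None
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == user:
            uid, gid = int(f[2]), int(f[3])
    if uid is None:
        raise KeyError(f"no passwd entry for {user}")

    # Collect the primary group and every supplementary group of the account.
    gids, names = {gid}, set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and (int(f[2]) == gid or user in f[3].split(",")):
            gids.add(int(f[2]))
            names.add(f[0])

    mode, f_uid, f_gid = shadow_stat
    risks = []
    if uid == 0:
        risks.append("account has uid 0")
    if f_uid == uid:
        risks.append("account owns the file")  # an owner can always chmod it writable
    if f_gid in gids and mode & stat.S_IWGRP:
        risks.append("file is group-writable by one of the account's groups")
    if mode & stat.S_IWOTH:
        risks.append("file is world-writable")
    for g in sorted(names & SUDO_GROUPS):
        risks.append(f"account is in group {g}, which commonly grants sudo rights")
    return risks


if __name__ == "__main__":
    print(shadow_write_risks("www-data", SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SHADOW_STAT))
```

On a live system the three inputs would come from reading `/etc/passwd` and `/etc/group` and from `os.stat("/etc/shadow")`; sudoers rules are not inspected by this check.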
 