ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i know this might have serious security implications, i will evaluate and address those later... right now i just want to brainstorm and get started...
i need a way to add/remove users and change passwords through a php script. (i would need to feed arguments to the script, and not have it run interactively). this needs to integrate into a web script, and be able to run as a non-root user, but still needs some sort of security.
hopefully, i can have a utility to allow a hosting customer to add/delete/modify their own email users within a certain set of constraints, for example, customer a has all of their user aaccounts prefixed with "ca-<user>" they would only supply the <user> part, and the script would automatically prepend the "ca-" so the customer would only be able to modify their own logins.
i hope this makes sense, and maybe somebody will have a suggestion to at least get me started...
You could always execute a setuid script (chmod +s) with php but be very carefull
- what could happen if the page reloads and the script get executed more than one time ?
- if the script allows user to change password, make sure they can't do it for the root user
Thanks for the tips. I was planning on using sudo, with the entire path to the script in the sudoers file, and the file only set for read & execute.
I would have built in checking to see if the user exists, etc., as well as only allowing users starting with "ca-" to be added/removed/modified by the script.
Here is the part I'm stuck on, and hopfeully somebody can point me in the right direction:
The system command "passwd" needs to run interactively, so I can't call that from within the php and just feed it variables... how can I actually set/update passwords on the accounts from within a non-interactive php script?
I think that what you want to do is best achieved by creating a directory (say: admin) and setting the .htaccess file in that directory, and then placing the php script there.
This would do two things for you: 1) establish a secure access to the php file. 2) Allow you to run the script with whatever access you need to resources.
There is also the possibility ouf using an "access" file (typically set outside the webserver area (for security reasons) that grants access to using the php script if they are "in the file".
Again, I'm fairly set on security... what I need to know is how to set passwords properlyeither through the php script or a system call. 'passwd' will not work, so I'm looking for a nudge in the right direction for the actual act of setting/updating a password.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.