I must change passwords from customers with a cgi-script (html -> cgi-script -> change pw in /etc/passwd). I've create a short script but I'm not sure, if it's safty or not?
How it works: a user must enter his username, old password and his new password. First, I check if the old password matches his actual password. If so, I create with some commandline tools the password string for /etc/shadow.
I will also implement a feature which disallows password changes for root and other system accouts. Would be nice to get some feedback!#!/usr/bin/perl -w my $benutzername = "test"; my $passwordold = "password"; my $passwordnew = "freeSt19"; $pwd = (getpwnam($benutzername))[1]; #check, if the user knows his old password: if (crypt($passwordold, $pwd) ne $pwd) { die "Sorry...\n"; } else { print "ok\n"; } my $cryptedShadowString = `echo "$passwordnew"|openssl passwd -1 -stdi +n`; chomp($cryptedShadowString); my @Zeilen = (""); open(DATA, "</etc/shadow") || die "Datei mit E-Mails nicht gefunden\n" +; while(<DATA>) { push(@Zeilen,$_); } close(DATA); #Write the new shadow-file open(SHADOW, ">/etc/shadow"); for(@Zeilen){ if( $_ =~ m/^$benutzername/){ my @pwField = split( /:/, $_); $pwField[1] = $cryptedShadowString; print SHADOW $pwField[0].":".$pwField[1].":".$pwField[2].":".$ +pwField[3].":".$pwField[4].":".$pwField[5].":".$pwField[6].":".$pwFie +ld[7].":".$pwField[8]; }else{ print SHADOW $_; } } close(SHADOW); $mode = 0640; chmod $mode, "/etc/shadow"; `chown root /etc/shadow`; `chgrp shadow /etc/shadow`;
In reply to change unix password with cgi-script by miggel15
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |