Since you're going to ask the user for their password, anyway, I suggest that you use the "passwd" command within your script. There's no need to make your entire script setuid root just for this. Also, if the script is running as a user, why would you ask for their username (unless you're letting people change other people's passwords which is again a bad idea). I'm not trying to be mean here; I just really don't think you need a setuid script here, when it sounds like you're just making a gui frontend to passwd. On Wed, Nov 06, 2002 at 08:02:45PM +0530, Haresh Motwani wrote: > Actually, I need to edit /etc/passwd file thru a gui. The user will be > asked to enter his username and current pwd along with the new pwd. On > submit the script will validate the current pwd and then change it. For > this I need to run a script which will be able to edit my /etc/passwd file. > Obviously in this case the script would be running as user. > > At 08:41 AM 11/6/02 -0500, you wrote: > > > >Whoa, why do you need to do this? it's generally a really bad idea. > >If you need a user to edit his/her own info via this script, that's what > >commands like passwd, chfn, and chsh are for. Otherwise, only root should be > >running something like this. > > > >--Andy > > > > > >On Wed, Nov 06, 2002 at 12:49:43PM +0530, Haresh Motwani wrote: > > > I need to read and edit /etc/passwd file thru a script which is running as > > > a user. > > > > > > Can suEXEC do it? is there any other way of doing it. > > > > > > > > > -- Attached file included as plaintext by Ecartis -- > > > > > > > > > --- > > > Outgoing mail is certified Virus Free. > > > Checked by AVG anti-virus system (http://www.grisoft.com). > > > Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02 > > > > > > > > > ------------------------------------------------------------------------ > > > To unsubscribe email security-discuss-request@linuxsecurity.com > > > with "unsubscribe" in the subject of the message. > > > > >------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > > >--- > >Incoming mail is certified Virus Free. > >Checked by AVG anti-virus system (http://www.grisoft.com). > >Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02 > > > -- Attached file included as plaintext by Ecartis -- > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02 > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
