Re: Editing /etc/passwd as a non-root user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chuck Peters wrote:

> Try usermin, part of the webmin project.  webmin/usermin runs as
> root and uses PAM to change the password.  
- ----------------------------------------------------------------------
- -----------------

The original author of this thread requested help in overcoming this
problem, being a non-root user, so this doesn't really apply here.

Someone suggested simply using the 'passwd' command through the
program. In my opinion this is the most STABLE way of going about
things. 
If your GUI is backended with the BASH SHELL SCRIPT, then there
really isn't any problem of passage of password arguments . On the
other hand, if you're using GTK+ for your GUI which would mean you're
most probably doing the coding in C/C++, the 'glibc' execv(),
execve(), execl(), execvp() calls will be of use to you for your
required purpose.
Read the man pages for these calls.

Ali Saifullah Khan,

Asstt. Project Administrator,
GemSEC Information Security Division,
Gem Internet Services, (Pvt.) Ltd.
Key ID               : 0xA3B7379C 
Key Fingerprint : 111F D465 3FB0 C02E 4080 8DE6 D887 CA97 A3B7 379C 

- ----- Original Message ----- 
From: Chuck Peters <cp@linuxtech.com>
To: <security-discuss@linuxsecurity.com>
Sent: Friday, November 08, 2002 12:45 AM
Subject: Re: Editing /etc/passwd as a non-root user


> On Wed, 6 Nov 2002, Haresh Motwani wrote:
> 
> > Actually, I need to edit /etc/passwd file thru a gui. The user
> > will be asked to enter his username and current pwd along with
> > the new pwd. On submit the script will validate the current pwd
> > and then change it. For this I need to run a script which will be
> > able to edit my /etc/passwd file. Obviously in this case the
> > script would be running as user.
> 
> Try usermin, part of the webmin project.  webmin/usermin runs as
> root and uses PAM to change the password.  Because it is a fairly
> mature opensource project, its likely to have better security that
> a customized GUI.  That being said, I don't put things like that on
> my servers!  Customer
> requirments vary...
> 
> Depending on the requirements, I would setup some iptables rules so
> it would only be accessible from specified IP's.  That would lessen
> the chance of a exploit.
> 
> Chuck Peters, Systems Administrator, Network Engineer and Linux
> Tech. StarrySkies Network, http://StarrySkies.com, publishing
> science articles since 1995. http://StarrySkies.Net, an online
> science community.
> http://StarryMessenger.Net, the weekly newsletter of StarrySkies.
> 
> 
> >
> > At 08:41 AM 11/6/02 -0500, you wrote:
> >
> >
> > >Whoa, why do you need to do this?  it's generally a really bad
> > >idea. If you need a user to edit his/her own info via this
> > >script, that's what commands like passwd, chfn, and chsh are
> > >for.  Otherwise, only root should be running something like
> > >this.
> > >
> > >--Andy
> > >
> > >
> > >On Wed, Nov 06, 2002 at 12:49:43PM +0530, Haresh Motwani wrote:
> > > > I need to read and edit /etc/passwd file thru a script which
> > > > is running as a user.
> > > >
> > > > Can suEXEC do it? is there any other way of doing it.
> > > >
> > > >
> > > > -- Attached file included as plaintext by Ecartis --
> > > >
> > > >
> > > > ---
> > > > Outgoing mail is certified Virus Free.
> > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
> > > >
> > > >
> > > > --------------------------------------------------------------
> > > > ---------- 
> > > >      To unsubscribe email
> > > > security-discuss-request@linuxsecurity.com 
> > > >          with "unsubscribe" in the subject of the message.
> > > >
> > >-----------------------------------------------------------------
> > >------- 
> > >      To unsubscribe email
> > > security-discuss-request@linuxsecurity.com 
> > >          with "unsubscribe" in the subject of the message.
> > >
> > >
> > >---
> > >Incoming mail is certified Virus Free.
> > >Checked by AVG anti-virus system (http://www.grisoft.com).
> > >Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
> >
> >
> > -- Attached file included as plaintext by Ecartis --
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
> >
> >
> > ------------------------------------------------------------------
> > ------ 
> >      To unsubscribe email
> > security-discuss-request@linuxsecurity.com 
> >          with "unsubscribe" in the subject of the message.
> >
> 
> --------------------------------------------------------------------
> ---- 
>      To unsubscribe email
> security-discuss-request@linuxsecurity.com 
>          with "unsubscribe" in the subject of the message.
> 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPdEJJtiHypejtzecEQJiQACg79y6BoWBWH3HkzadW8ezPA4u8fwAoMqb
AWWgNeIbcYN5v7I7Ti0lfiow
=jEKC
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux