
Using server side scripting to update usernames/passwords of users

Crusty

Lifer
I am currently working on the user control panel for my site. I have customers who are renting gaming servers from me, and I do not want to give them shell access to my server so they can restart their server etc etc. They have ftp access so they can change config files and stuff.

I need to be able to login as root into the control panel and create users and be able to change their passwords from there, as well as giving a customer the option to change their password.

I know I can edit /etc/passwd and /etc/shadow through scripts...but I would rather not do that just in case I screw something up. Would there be any way to incorporate using the adduser and passwd commands into a script that would do this?

Edit: Through some googling I got an idea.

If I set up a cron job to run as root that parses the username/password from my mysql table into the passwd/shadow file, but only include users in a certain group, ie only my customers.

Would that be a safer way?
 
The safest way would be for you to ssh in and set up the users. Adding buggy software in front of things like authentication can be icky.

You could write a script to pass the variables, like HardcoreRobot said. Try to filter out stupid things (or hardcode things like the group). If you used systrace or SELinux, you might be able to lock it down even more.
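
An added example, not part of the thread: one way to do the filtering and hardcoding suggested in the reply above, as a Python wrapper around the real `useradd` and `chpasswd` commands. The group name, shell path, username pattern and password length limits are assumptions chosen for illustration.

```python
import grp
import pwd
import re
import subprocess

CUSTOMER_GROUP = "customers"         # assumed group name, hardcoded on purpose
NOLOGIN_SHELL = "/usr/sbin/nologin"  # assumes the FTP daemon accepts this shell
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,30}")


def validate_username(name):
    """Accept only plain lowercase account names; reject everything else."""
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name


def validate_password(password):
    """chpasswd reads 'user:password' lines, so control characters are out."""
    if not isinstance(password, str) or not 12 <= len(password) <= 128:
        raise ValueError("password must be 12 to 128 characters")  # assumed limits
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in password):
        raise ValueError("control characters are not allowed")
    return password


def is_customer(name, getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam):
    """True only if the account exists and its primary group is the customer group."""
    try:
        return getpwnam(name).pw_gid == getgrnam(CUSTOMER_GROUP).gr_gid
    except KeyError:
        return False


def useradd_argv(name):
    """argv list for useradd; group and shell never come from the web form."""
    return ["useradd", "-m", "-g", CUSTOMER_GROUP, "-s", NOLOGIN_SHELL,
            validate_username(name)]


def chpasswd_input(name, password):
    """Line fed to chpasswd on stdin, keeping the password out of argv."""
    return f"{validate_username(name)}:{validate_password(password)}\n"


def set_password(name, password):
    """Run as root. Refuses root and any other account outside the customer group."""
    line = chpasswd_input(name, password)
    if not is_customer(name):
        raise PermissionError("not a customer account")
    subprocess.run(["chpasswd"], input=line, text=True, check=True)
```

Because the commands are passed as argument lists and no shell is involved, a username or password from the web form is never interpreted as shell syntax.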
 
Well the biggest issue I see is that if the user wants his/her password changed we have to do it, while it's easy enough to do it would be so much easier to have it be done automatically.

So if say when the user wants to change his password he logs into the control panel changes it there which changes his entry in the db table. Then say every 15 mins a cron job runs that updates the passwords for users using passwd. That seems like the simplest way to do it, does that sound plausible? But since I store the passwords already encrypted with md5 in the DB I couldn't use passwd could I?
 