NYCPHP Meetup

NYPHP.org

[nycphp-talk] Changing UNIX shadow passwords with PHP

csnyder chsnyder at gmail.com
Tue Mar 15 14:44:46 EST 2005


On Tue, 15 Mar 2005 14:20:17 -0500, Rolan Yang <rolan at omnistep.com> wrote:
> Another safer way to go about it would be to append all password
> requests to a designated file, in the format "username:password" then
> create a root owned cron script which runs "/usr/sbin/chpasswd
> <thefile>" every minute or so. You would want to employ some method of
> file locking within the cron script and also the php script because if
> the job runs while the php script is writing to the file, odd things can
> happen.

Please pretend that this is the *only* way to carry this out. Giving
the webserver access to sudo is just asking for BIG trouble down the
line. The very idea makes me shudder (sorry, Rolan).

Your cron script should probably respect a list of "never change"
accounts, including root and whatever account you use for shell
access.



More information about the talk mailing list