Login/Register
Using shell_exec('passwd') to change a user's password
Asked Answered
phpsudoshell-execpasswd
A

9

3

I need to be able to change the users' password through a web page (in a controlled environment). So, for that, I'm using this code:

<?php
$output = shell_exec("sudo -u dummy passwd testUser testUserPassword");
$output2 = shell_exec("dummyPassword");
echo $output;
echo $output2;
echo "done";
?>

My problem is that this script is not changing the password for the user "testUser". What am I doing wrong?

Thanks

Annotation answered 24/9, 2008 at 14:20 Comment(1)
Other than the shell access method being wrong, like all the answers try to resolve, the passwd command is wrong. At least in my book you cannot just write the new password like that on the commandline.Sawicki
H
3

Another option is to have a shell script, say called passwd_change.sh somewhere that looks like this:

#!/usr/bin/expect -f
set username [lindex $argv 0]
set password [lindex $argv 1]

spawn passwd $username
expect "(current) UNIX password: " 
send "$password\r"
expect "Enter new UNIX password: "
send "$password\r"
expect "Retype new UNIX password: "
send "$password\r"
expect eof

Then in your php code do:

<?php
shell_exec("sudo -u root /path/to/passwd_change.sh testUser testUserPass");
?>
Hawes answered 24/9, 2008 at 14:42 Comment(3)
According to your current code, wouldn't the script try to send their new password as their current password? This wouldn't make sense unless the user was setting their new password to be the same as their old password...Ximenez
Also, this script fails because when calling passwd using root, it doesn't ask the root user for the user's current password.Ximenez
This method works nonetheless, despite the code being wrong. Ubuntu at least will not accept the old password to the new, a change which makes no sense anyway. Alter the script a bit and it works.Sawicki
S
2

I'm not familiar enough with PHP to tell you how to fix it, but your problem is that the two shell_exec commands are entirely separate. It appears as though you're trying to use the second command to pipe input to the first one, but that's not possible. The first command shouldn't return until after that process has executed, when you run the second one it will attempt to run the program dummyPassword, which we can probably expect to fail.

Seafarer answered 24/9, 2008 at 14:24 Comment(0)
W
2

Use proc_open, which will let you interact with the process's stdin.

See this comment in particular at the manual: http://www.php.net/manual/en/function.proc-open.php#58044

West answered 24/9, 2008 at 14:35 Comment(0)
S
2

The first response is correct. You probably want to use popen() or some other function that will return a pipe, which you can write to just like a file opened with fopen() or file(). 

<?php
$pipe = popen("sudo -u dummy passwd testUser testUserPassword", 'r');
fwrite($pipe, "dummyPasswd\r\n");
pclose($pipe);
echo "done";
?>

I haven't tested that, but it's the general idea of what you seem to be going for. You'll notice that this setup doesn't provide for the output from the commands you executed. For that, you'll need to use proc_open() which is a little harder to work with but does provide bi-directional support.

Spree answered 24/9, 2008 at 14:38 Comment(1)
I didn't get this method to work at all. Even if the mode of popen should be 'w', and the passwd command written correctly.Sawicki
W
2

Use chpasswd:

$tmpfname = tempnam('/tmp/', 'chpasswd');
$handle = fopen($tmpfname, "w");
fwrite($handle, "$username:".crypt($password)."\n");
fclose($handle);
shell_exec("sudo sh -c \"chpasswd -e < $tmpfname\"");

Beware! If somebody will get control on $username then he can change any password on a system.

Whitewall answered 24/9, 2008 at 14:52 Comment(1)
It really looked nice your solution, but my unix system does not have the "chpasswd" command. Thank you anywayAnnotation
R
0

You should use the crypt() function to encrypt the password. Then you can call the usermod program like this usermod --password username encryptedpassword.

The most common way to encrypt a UNIX login password is like this:

crypt('password', '$1$salt1234$')

(Where salt1234 is an eight letter salt)

Roadster answered 25/9, 2008 at 9:49 Comment(0)
K
0

An easy I know and which works (at least for Debian 4.0r5) is:

#!/bin/bash

USER="root"
NEWPASS="bullsheit123"

echo $USER:$NEWPASS | chpasswd
echo $?

Just adapt this to the php script and it should work fine.

Kalvn answered 20/12, 2008 at 19:36 Comment(0)
C
0

I it is way too late but this is for people still searching answer. This is what we use. Extremely simple.

    file_put_contents("passd", "$pass\n$pass\n");
    echo "$uname: $pass\n";
    `passwd $uname --stdin < passd`;
    `rm -rf passd`;
Conductive answered 3/8, 2011 at 13:16 Comment(0)
L
0

I prefer using 2 separate processes: http://sylnsr.blogspot.com/2012/09/keep-unix-password-in-sync-with.html

Lookthrough answered 20/9, 2012 at 23:13 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.