Richard Hector wrote:
Hi all, I want my users to be able to change their http basic auth passwords (currently in /etc/apache/ok_users/<category> - but open to suggestions). Ideally this would be via the web site itself, but I'm struggling to see how to make suEXEC do what I want, especially while trying to learn the CGI and Apache::Htpasswd modules at the same time. It seems to require my script to be either in the main document tree or in a UserDir, neither of which seems ideal - especially since I only want this script usable on one vhost (on my internal LAN) and my UserDirs are accessible from all. Have I missed something here? Alternatively, I don't mind if they have to use a shell on the webserver. I'd prefer an existing solution if it's available, but I haven't found anything yet - writing suid stuff still scares me a bit :-) Any suggestions?
A server that I have an account on lets you change your web password with the following setuid root c program:
#define PASSWD_FN "/etc/apache/something.passwd" #define HTPASSWD_BIN "/usr/bin/htpasswd" #include <pwd.h> #include <sys/types.h> #include <unistd.h> int main(int argc, char **argv) { struct passwd *pwd_ent; pwd_ent = getpwuid(getuid()); execl(HTPASSWD_BIN, HTPASSWD_BIN, PASSWD_FN, pwd_ent->pw_name, 0); }I have no idea how well vetted it is[this same server is a potato server that has never been patched for the ptrace vulnerability]. There is only one login/password for the entire site[stored in /etc/apache/something.passwd], but you may be able to adapt it[it is fairly simple code...].
Attachment:
pgpevuhNnrCWy.pgp
Description: PGP signature