I am trying to write a CGI program which accesses UNIX configuration files and changes them as required.
The thing is, I don't want the CGI program to be "root" owned - it's Perl based! Is there any way that the Perl CGI program can request a username and password - and then use this to manipulate the config files?
Thanks!
Hmm, not sure if this will help or not. Basically, yes, you can 'request' the username and password and compare with what is on the system. Can you then change files owned by root? Probably. More difficult than I would want to think about.
Unless you are doing this for your own interest (or your company doesn't allow 3rd party software) might one suggest some software: CFengine
If that isn't what you are looking for, then maybe Webmin
I'm sure other will have other software they use and prefer. I've seen both of these but don't use them.
The following can take the input of a password and check it against info in the shadow file by sending the userid in the first parameter and the password in the second.
#!/usr/bin/perl
#
# Grab the user's old password from /etc/shadow and compare to sent
# old password from web page - send back error if not the same
#
# HOG 04/25/02 Another wonderful product from the warped mind of me
# ====================================================================
# Set up variables ------------
$user = "$ARGV[0]";
$oldpass = "$ARGV[1]";
$datenow = "`date '+%h %d %T'`";
#
$userinfo = `/usr/bin/grep $user /etc/shadow`;
($user1, $passwd1, $passextra) = split(/:/, $userinfo, 3);
$salt = substr($passwd1,0,2);
#
# Put testing junk here (print variables)
#
if (crypt($oldpass, $salt) ne $passwd1) {
# =========== FAILED - write to messages file - return error =========
system("/usr/bin/echo \"$datenow progserver chgpwd: ERROR changing $user
password on check\" >> /var/adm/messages");
die "";
}