Using PHP to change system passwords

Anon

Hi !

Iam providing a web-based console for our hosting customers, and I would like to provide them a ficility to change their system passwords(linux). I would like to know if it can be done through PHP and if not, is there any free program (perl, CGI) to do it

Ram

Anon

A warning: make this VERY VERY secure. changing passwords from a web page is like opening up the door to a bank and asking the robbers to have look around in your vault.

Then on to the possibilities:

PHP runs off your webserver, which usually runs as user that does not have the permissions to change user passwords. (running the webserver as root is insane)

Thus, this is only possible if you get "root" to do it.
Make php script that creates a list of usernames and the new passwords they should get.
Then create a script in perl or shell (maybe even PHP in CGI mode)
that will read the file and execute a passwd command with the proper
parameters
one method that should work is in shell:
"echo "new_password" | passwd username --stdin"

this prints out the password, and redirects the output to the passwd command.
the --stdin tells passwd to read the password from the commandline and not to ask for confirmation.

NOTE: If a hacker manages to enter "root" for his username here, you are F'ed.

Put this script into your crontab for root so it executes every x minutes.