Date: Tue, 15 Jun 2004 10:42:55 -1000 (HST) From: Julian Cowley <julian@lava.net> To: Ihsan Junaidi Ibrahim <ihsan@synthexp.net> Cc: freebsd-questions@FreeBSD.org Subject: Re: Detaching program from controlling terminal Message-ID: <Pine.LNX.4.58.0406151016310.23170@taurus.cesta.com> In-Reply-To: <40CE8CB9.9050504@synthexp.net> References: <40CE8CB9.9050504@synthexp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 15 Jun 2004, Ihsan Junaidi Ibrahim wrote: > Hi all, > > I'm somehow stuck in the loop now and am hoping some of you can give me > pointers on how to proceed. Due to a customer requirement, I need to > build a simple web-based (via cgi or php) script to change the system > password. They found that sshing to the server and typing passwd to > change the password is wee too involving hence the need to use a much > friendlier interface. Letting the sysadmins change the user's password > is not a good idea, as the sysadmins are outsourced and the users value > their privacy. FYI, all the users has a /sbin/nologin shell set. I'm > running FreeBSD 5.2.1. > > I understand there are two primary way to change a user's password, > either via passwd or pw. Since pw is a root-only program, that doesn't > seem the best way to do it over the web so I'm left with passwd. > > Since passwd gets its input from the controlling terminal, I simply > cannot get an environment variable passed via stdin. Reading over > daemon(8) I finally got it that I need to detach passwd from the > controlling terminal and run it as a daemon. passwd(1) is designed to be interactive -- to do this it interacts with /dev/tty, which is defined if you have a controlling terminal. Since the web server runs as a daemon and has no controlling terminal, passwd won't work and you are out of luck. (Using daemon(8) to run passwd doesn't get you anywhere since it is detaches from the controlling terminal as well.) The only way you can acquire a controlling terminal at this point is to allocate a pair of pseudo-tty devices and fake an interactive session with passwd. This is difficult to program. Fortunately, there is a program called poppassd (part of Qualcomm's qpopper package) which knows how to do this. It runs as a daemon to listen on a network port and uses a simple protocol to accept a username and the old and new passwords. The protocol itself is supported by some mail programs (in particular, Qualcomm's Eudora), but it's also possible to interact with it via a CGI program using network sockets. If you don't go the route of using pw(8), then I recommend doing it using the above method. In fact, there is an old CGI written in Perl somewhere on the net that handles the web portion and uses poppassd as its backend. I don't remember the name of it, sorry, but it should be possible to Google for it. It sounds like it would do what you want. > This is where I entered the loop and never seem to get out of it. I > couldn't get passwd to run properly because once it entered daemon mode, > it locked up the whole terminal and subsequent tries also suffered the > same fate. > > If there's something that I have missed or there's better alternatives, > please point it out. :) > > Thanks, > Ihsan -- In the Year 2000 (tm)... "I will convert to Judasism and change my trademark Fa Shizzle My Nizzle to Sheiztle Fa Zeitzel." -- Snoop Dog
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.58.0406151016310.23170>