From owner-freebsd-questions Mon Apr 13 05:25:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA12270 for freebsd-questions-outgoing; Mon, 13 Apr 1998 05:25:58 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from darla.swimsuit.roskildebc.dk (pm22-9.image.dk [194.234.169.73]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA12179 for ; Mon, 13 Apr 1998 12:25:45 GMT (envelope-from root@darla.swimsuit.roskildebc.dk) Received: from localhost (localhost [127.0.0.1]) by darla.swimsuit.roskildebc.dk (8.8.8/8.8.8) with SMTP id OAA01498; Mon, 13 Apr 1998 14:26:15 +0200 (CEST) (envelope-from root@darla.swimsuit.roskildebc.dk) Date: Mon, 13 Apr 1998 14:26:15 +0200 (CEST) From: Leif Neland Reply-To: Leif Neland To: Paul Dekkers cc: freebsd-questions@FreeBSD.ORG Subject: Re: password change via the web?! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 13 Apr 1998, Paul Dekkers wrote: > On 12 Apr 1998, Leif Neland wrote: > > > At 12 Apr 98 18:45:06 Niall Smart wrote regarding Re: password change via the > > web?! > > > > NS> Really? I hope not :) Another option would be to make it a > > NS> suid root shell script BUT with only the web server having > > NS> execute permission through supplementary groups. > > > > No need to suid to root, just suid to the user you want to change password for. > > To do that, you need the password for the user. > > And to su to another user, you need a program that is suid root, isn't it? No, try as a regular user: $ su - otheruser You get prompted for the password of the otheruser. So to change the password of some user, you just need the current password of this user. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message