tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dahnke, Eric" <EDah...@nextsource.com>
Subject RE: changing a user's password on linux using jsp exec.
Date Thu, 14 Feb 2002 19:42:32 GMT

Do a man chpasswd from the linux command line. See the format it expects
(user_name:password). Just write the username and pw into a file using that
format from your tomcat app. (say the file is: /tmp/new_pw). chown new_pw to
nobody.nobody or chmod it 666.

Then in your /etc/crontab file add:

05 * * * * root chpasswd /tmp/new_pw

This will run the chpasswd as root every 5 seconds. Actually rather than
calling chpasswd from cron I would create a shell script that does some
checking to make sure that your web app isn't trying to change the pw for
root or any other important system users. And that also empties the file
new_pw after chpasswd is run. Be careful. Don't look yourself out of your
machine on my account ;->






-----Original Message-----
From: Al-Qalb el-Mounir [mailto:falocite@yahoo.com]
Sent: Thursday, February 14, 2002 2:30 PM
To: Tomcat Users List
Subject: RE: changing a user's password on linux using jsp exec.


Hi Dahnke,
The cron idea seems interesting. Do you have something
working? Or even an example for me to follow.

Thanks.


--- "Dahnke, Eric" <EDahnke@nextsource.com> wrote:
> 
> The only password you could ever change is the one
> for the user Tomcat is
> running as (nobody i believe).
> 
> I've been down the road you're going down. Your
> options are:
> 
> -1- (compiling apache/tomcat to run as user root
> (unreasonable on anything
> other than a intranet environment). big security
> hole.
> -2- you can use the expect programming language. 
> -3- you can hand the passwd execution to a cron job
> that runs as root. just
> dump the user to change password into a text file.
> grep the text file every
> 5 seconds or something from cron. if an entry exists
> chpasswd on it and
> delete the entry from the file. cron is very light
> weight. see man chpasswd
> 
> HTH
> 
> 
> 
> -----Original Message-----
> From: Al-Qalb el-Mounir [mailto:falocite@yahoo.com]
> Sent: Thursday, February 14, 2002 1:53 PM
> To: Tomcat Users List
> Subject: changing a user's password on linux using
> jsp exec.
> 
> 
> Is it possible? I wrote this jsp file, but nothing
> seems to happen. Any ideas?
> 
> ================== Code ===========
> <%@ page import="java.io.DataInputStream"%>
> <%@ page import="java.io.DataOutputStream"%>
> 
> <%@ page import="java.io.BufferedWriter"%>
> <%@ page import="java.io.FileWriter"%>
> <%@ page import="java.io.IOException"%>
> 
> 
> 
> <%
> 
> String username = "TestUserId";
> 
> String old_p_word = "oldPassword";
> 
> String new_p_word = "newPassword";
> 
>    Process proc = null;
>   
>   	 
>     Runtime thisRun = Runtime.getRuntime();
>     
>     String cmd = "passwd " + username;
>     
>     proc = thisRun.exec(cmd); 
>    
> 
> //Returns a Stream connected to the output of the
> child process. 
>    
>  DataInputStream inputstream = new
> DataInputStream(proc.getInputStream());
>  //Reads output from process
>  
>  String procOutputline = inputstream.readLine();
>    
>     if (procOutputline != null)
>     {
>        out.println("Process output: " +
> procOutputline);
>     }
>     
> //Returns a Stream connected to the input of the
> child
> process. 
> //we assume user exists and that the process will
> ask
> for the old password first.
> 
> DataOutputStream outputstream = new
> DataOutputStream(proc.getOutputStream());
> outputstream.writeBytes(old_p_word);
> 
>  
> //read output from process. We assume that the
> process
> will ask for the new password
>  procOutputline = inputstream.readLine();
>     
>      if (procOutputline != null)
>      {
>         out.println("Process output: " +
> procOutputline);
>     }
> 
> //send value of new password to the process.    
> outputstream.writeBytes(new_p_word);
> 
> 
> //Process should ask us to confirm the new password
> //Returns a Stream connected to the output of the
> child process. 
> 
>  procOutputline = inputstream.readLine();
>     
>      if (procOutputline != null)
>      {
>         out.println("Process output: " +
> procOutputline);
>     }
> 
> //confirm the new password to the process.    
> outputstream.writeBytes(new_p_word);
> 
> 
>  //Waits for the subprocess to complete. 
>  proc.waitFor();
> 
>  //Returns the exit value for the subprocess.    
>    out.println("Process existed with value: "
> +proc.exitValue());
>  
>  //Returns the an InputStream connected to the error
> stream of the child process. 
>     DataInputStream errorinputstream = new
> DataInputStream(proc.getErrorStream());
>      String line = errorinputstream.readLine();
>     
>      if (line != null)
>      {
>         throw new Exception("There was a problem
> changing password for : " + username + " --" +
> line);
>      }
>     
>     //out.println("The output string is
> "+proc.toString()); 
>     proc.destroy(); 
>   
>   
> %>
> 
> ================= End of code.
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Send FREE Valentine eCards with Yahoo! Greetings!
> http://greetings.yahoo.com
> 
> --
> To unsubscribe:  
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands:
> <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list:
> <mailto:tomcat-user-owner@jakarta.apache.org>
> 
> --
> To unsubscribe:  
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands:
> <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list:
> <mailto:tomcat-user-owner@jakarta.apache.org>
> 


__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message