[rochester-pm-list] New Member and a question

Brian Mathis bmathis at directedge.com
Wed Dec 22 10:12:29 CST 1999


On Tue, 21 Dec 1999, Derek Kalweit wrote:
>     Hello all! I just discovered this Perl Mongers user group, and look
> forward to meeting you all at the January meeting! I saw the site. I have
> to say it's impressive-- I like the use of style sheets for the calendars,
> and the colors are extremely complementary of each other. I sure do hope
> you use a perl script to generate those calendars and don't do it by hand
> for each month.. :->

Heh.  Sadly, I do them by hand.  A Perl script would be nice, but it only
takes about 5 minutes every 2 months. :)  I'm glad you like the site
though.

>     Anyways, what had me searching the web for PERL info that caused me to
> stumble across this group, is this. I'm writing a script to help in some
> system administration. It can only be run (or even read) by root, and it's
> even still hidden in a directory only accessible by root. Currently, I
> need to run this script by hand, as it calls the 'passwd' command to
> change a couple passwords. This is tedious, and I'd like to pipe the
> password in through my script. I know the whole idea of piping to passwd
> is a possible security hole, and I'm sure that's why it's not working when
> I try it (I can pipe to other apps just fine). Is there any way around
> this, or some other way to change the passwords on the system with my
> script? As for where the passwords to be used are stored, they're stored
> in an SQL database on the local machine (only accessible on the local
> machine by a specific user), and they're encrypted. Any suggestions? Thank
> you!

Well, there are quite a few ways to do this.  Doing any sort of password
stuff is a pain though.  One method I've used before is using the
Net::Telnet module.  You use it to telnet to localhost, log in as that
user, then you can invoke the passwd program.  The thing with the passwd
program is that it checks to see if it's on an interactive tty, and won't
accept input from anything except that.  Net::Telnet acts like an
interactive tty, so passwd never knows the difference.  This also
eliminates the need to run suid root.

One small issue with this method is you need to handle all the possible
responses that 'passwd' could possibly throw at you, including "password
too short", etc.  You could read this from the output stream though and
just pass it right on to the user.

I think there's also a way to connect Net::Telnet to an already open pty,
but I've never done it.

If this is a 1 time run type of thing, you could just operate on the
passwd file directly.  It's not as safe, but much easier.


-- 
Brian Mathis
Direct Edge
http://www.directedge.com
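
An added example, not part of the original message and not code from anyone on the list: the tty check and the response handling described in the reply, shown in Python with the child attached to a pseudo-terminal directly instead of through Net::Telnet. `FAKE_PASSWD`, its prompt, and its messages are a constructed stand-in for the real passwd, and the `RESPONSES` patterns are assumptions.

```python
import os, pty, select, subprocess, sys

# Constructed stand-in for passwd (not the real program): it refuses a
# non-tty stdin, prompts once, and rejects passwords under 8 characters.
FAKE_PASSWD = r'''
import sys
if not sys.stdin.isatty():
    sys.exit("stdin is not a tty")
sys.stdout.write("New password: "); sys.stdout.flush()
pw = sys.stdin.readline().rstrip("\r\n")
print("password too short" if len(pw) < 8 else "password updated successfully")
'''
CHILD = [sys.executable, "-c", FAKE_PASSWD]
# Assumed message fragments; real passwd wording differs between systems.
RESPONSES = {"too short": "rejected", "updated successfully": "ok"}

def via_pipe(secret):
    """Feed the secret on a plain pipe; the child sees no tty and refuses."""
    p = subprocess.run(CHILD, input=secret + "\n", text=True, capture_output=True)
    return p.returncode, p.stderr.strip()

def via_pty(secret, timeout=10):
    """Run the child on a pseudo-terminal, answer its prompt, classify the reply."""
    pid, fd = pty.fork()
    if pid == 0:                       # child: stdin/stdout are the pty slave
        os.execv(CHILD[0], CHILD)
    out, sent = b"", False
    while True:
        ready, _, _ = select.select([fd], [], [], timeout)
        if not ready:                  # child went silent: stop waiting
            break
        try:
            chunk = os.read(fd, 1024)
        except OSError:                # EIO on Linux once the child has exited
            break
        if not chunk:
            break
        out += chunk
        if not sent and b"New password:" in out:
            os.write(fd, secret.encode() + b"\n")
            sent, out = True, b""      # keep only what follows the prompt
    os.close(fd)
    os.waitpid(pid, 0)
    # The pty echoes our input back; drop it so it cannot match a pattern.
    text = out.decode(errors="replace").replace(secret, "", 1)
    for needle, verdict in RESPONSES.items():
        if needle in text:
            return verdict
    return "unknown"                   # unrecognised output: treat as failure
```

Anything the child prints that is not in `RESPONSES` comes back as `"unknown"`, so a caller can stop instead of assuming the change succeeded.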



