Re: Chage script for Linux servers?

On Fri, 22 Dec 2006 14:03:35 -0800, pangea33 wrote:

Ivan Marsh wrote:
On Wed, 20 Dec 2006 11:33:14 -0500, Jerry Stuckle wrote:

Ivan Marsh wrote:
On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:


Ivan Marsh wrote:

Hey folks,

I'm looking for a script that allows control of account expiration
dates using chage under Linux so non admins can control account
expiration of client accounts. Anyone ever written anything like that?

This is definitely not something you're capable of accomplishing simply
by using PHP. The PHP engine is running on the Linux box, so it's
limited by the security configuration of that server. Including the
security settings that keep non-admin users from modifying settings only
accessible by administrators. Sorry, man.


Are you suggesting it's not possible to shell out and run a sudo command
from a PHP script?

I have complete control over the server in question.

You can, but you're creating a security whole in your server the size of
the Grand Canyon.

Of that I have no doubt... but this isn't a public server so I only have
to worry about "internal" issues.

My response about an inability to do this was due to it being in a php
forum. If you've got full control over this server, why are you using
php? If it's because you're developing an Intranet, you can indeed use
sudo in the script, but will have to either use NOPASSWD or store the
unencrypted admin password in a text document that the webserver user
account can access and read.

Any thoughts about firing off a shell script cron task as root on the
server instead of allowing indiscriminate execution by users?

"Indiscriminate execution by users" is, unfortunately the access I've been
asked to provide.

What the script will ultimately be doing is giving a select group of
internal users the ability to check and reset the password expiration
dates of a white-list of external client users.


.

Relevant Pages

  • Re: Entourage account setup applescript not working
    ... I pasted the script at the end just in case. ... When comparing the account settings on 2 computers, ... This script assists a user with the setup of his Exchange account ... Customize the network and server properties below with information ...
    (microsoft.public.mac.office.entourage)
  • RE: Automatically logon using ActiveX Web Remote Desktop?
    ... - the server must be configured to accept log-ins from the client... ... here is my script so far: ... > We're talking about doing Remote Desktop using the ActiveX browser control. ...
    (microsoft.public.windows.terminal_services)
  • Re: Chage script for Linux servers?
    ... I'm looking for a script that allows control of account expiration ... I have complete control over the server in question. ...
    (comp.lang.php)
  • Re: How to allow users to create groups and shares
    ... I delegated the control of the OU to the group with the test user ... or file server with my test account I get the message that "To log on ... to this remote computer you must have Terminal Server User Access ...
    (microsoft.public.windows.server.active_directory)
  • Re: How grant rights to add servers to domain into a particular OU
    ... It is a Security Group that I am using to Delegate Control to. ... Add the appropriate user account and click Next. ... Click Computer Objects and Create selected objects in this folder. ... I have given the OU Server Admins group "Special Permissions" of Full ...
    (microsoft.public.windows.server.active_directory)