The only password you could ever change is the one for the user Tomcat is
running as (nobody i believe).

I've been down the road you're going down. Your options are:

-1- (compiling apache/tomcat to run as user root (unreasonable on anything
other than a intranet environment). big security hole.
-2- you can use the expect programming language. 
-3- you can hand the passwd execution to a cron job that runs as root. just
dump the user to change password into a text file. grep the text file every
5 seconds or something from cron. if an entry exists chpasswd on it and
delete the entry from the file. cron is very light weight. see man chpasswd

HTH



-----Original Message-----
From: Al-Qalb el-Mounir [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 14, 2002 1:53 PM
To: Tomcat Users List
Subject: changing a user's password on linux using jsp exec.


Is it possible? I wrote this jsp file, but nothing
seems to happen. Any ideas?

================== Code ===========
<%@ page import="java.io.DataInputStream"%>
<%@ page import="java.io.DataOutputStream"%>

<%@ page import="java.io.BufferedWriter"%>
<%@ page import="java.io.FileWriter"%>
<%@ page import="java.io.IOException"%>



<%

String username = "TestUserId";

String old_p_word = "oldPassword";

String new_p_word = "newPassword";

   Process proc = null;
  
         
    Runtime thisRun = Runtime.getRuntime();
    
    String cmd = "passwd " + username;
    
    proc = thisRun.exec(cmd); 
   

//Returns a Stream connected to the output of the
child process. 
   
 DataInputStream inputstream = new
DataInputStream(proc.getInputStream());
 //Reads output from process
 
 String procOutputline = inputstream.readLine();
   
    if (procOutputline != null)
    {
       out.println("Process output: " +
procOutputline);
    }
    
//Returns a Stream connected to the input of the child
process. 
//we assume user exists and that the process will ask
for the old password first.

DataOutputStream outputstream = new
DataOutputStream(proc.getOutputStream());
outputstream.writeBytes(old_p_word);

 
//read output from process. We assume that the process
will ask for the new password
 procOutputline = inputstream.readLine();
    
     if (procOutputline != null)
     {
        out.println("Process output: " +
procOutputline);
    }

//send value of new password to the process.    
outputstream.writeBytes(new_p_word);


//Process should ask us to confirm the new password
//Returns a Stream connected to the output of the
child process. 

 procOutputline = inputstream.readLine();
    
     if (procOutputline != null)
     {
        out.println("Process output: " +
procOutputline);
    }

//confirm the new password to the process.    
outputstream.writeBytes(new_p_word);


 //Waits for the subprocess to complete. 
 proc.waitFor();

 //Returns the exit value for the subprocess.    
   out.println("Process existed with value: "
+proc.exitValue());
 
 //Returns the an InputStream connected to the error
stream of the child process. 
    DataInputStream errorinputstream = new
DataInputStream(proc.getErrorStream());
     String line = errorinputstream.readLine();
    
     if (line != null)
     {
        throw new Exception("There was a problem
changing password for : " + username + " --" + line);
     }
    
    //out.println("The output string is
"+proc.toString()); 
    proc.destroy(); 
  
  
%>

================= End of code.



__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Reply via email to