On Sep 8, 2004, at 9:01 PM, Alexandre Vieira wrote:
Thanks for your input but I wasn't explicit enough. We use a non-browsing services, it's just simple smtp/pop3 with no panels. However, this users have shell access to the server and I was thinking that maybe there were a way to modify passwords with the bin/vchangepw but when i use it as a regular user it gives me the following error (and yes the user exists):

Read the notes in the source to the program to learn how to set it up correctly:

 * Usage Note:
 * The binary "vchangepw" is added. I set up another
 * user account with this binary as shell and uid/gid
 * identical to vpopmail. Now users can ssh to the box
 * as this user and change the password remote without
 * asking me. It's as secure as everything else when the
 * login is only allowed with ssh, so everything is
 * crypted.
 * If you don't create an account as above, you will need to change
 * permissions and ownership on vchangepw to suid vpopmail.

It should be safe to use -- setuid doesn't work when run under strace, so there's no chance that a user could trace the process to learn a user's password (or, worse yet, the MySQL user/pass).

Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Reply via email to