Linux password reset via Webmin for endusers
Searching for a viable option for endusers to reset or change their passwords, I have come up empty. Maybe I just searched wrong.
Anyway, I normally don’t do any administration using web interfaces (such as Confixx, Plesk and the like), but I have come across Webmin, which is “a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.”
Webmin supports user administration. Any account can implement the role of “Change Passwords”. Unfortunately, this will enable this particular user to change any other users password. Lucky for me, Webmin is OSS and written in Perl. So a quick four line code change does exactly what I need.
This is how the Munin front-end looks after the patch. If you’re not root, you can only change your own password. End of line.
If you want to recreate this setup on your machine, you can download the patch here and apply it with
$ patch /usr/share/webmin/passwd/index.cgi > index.patch
Have fun.
Category: articles | Tags: Administration, Linux, Web 8 comments »
April 18th, 2012 at 8:03 pm
The code doesn’t work for webmin 1.580. I changed the line to the following to get it function:
@grid = ““.$remote_user.”“;
after the edit it worked perfectly. Thanks for the tip!
April 18th, 2012 at 8:04 pm
ok guess i need to put it in code tags….
@grid = "".$remote_user."";
April 18th, 2012 at 8:06 pm
@grid = ““.$remote_user.”“;
April 18th, 2012 at 8:08 pm
oh jeez im sorry for the mess. I’m trying to be helpful… please delete all my fail if you get around to it.
inside the href it needs to equal the following:
\”edit_passwd.cgi?”.”user=$remote_user\”
November 12th, 2012 at 12:15 pm
the above patch is not working for webmin 1.600.1
can you help me
November 12th, 2012 at 3:06 pm
Sorry, I haven’t worked with Webmin in a while.
November 12th, 2012 at 12:59 pm
Hi
I am getting the below error while patching :
patching file index.cgi
Hunk #1 FAILED at 76.
1 out of 1 hunk FAILED — saving rejects to file index.cgi.rej
April 23rd, 2013 at 10:56 am
its’ potential security hole when user is able to push GET/POST request with “/edit_passwd.cgi?root” to change pass to some other user.. that patch reflects only to gui and verification on server side is missing..
quite risky way..