Linux password reset via Webmin for endusers

Searching for a viable option for endusers to reset or change their passwords, I have come up empty. Maybe I just searched wrong.

Anyway, I normally don’t do any administration using web interfaces (such as Confixx, Plesk and the like), but I have come across Webmin, which is “a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.”

Webmin supports user administration. Any account can implement the role of “Change Passwords”. Unfortunately, this will enable this particular user to change any other users password. Lucky for me, Webmin is OSS and written in Perl. So a quick four line code change does exactly what I need.

This is how the Munin front-end looks after the patch. If you’re not root, you can only change your own password. End of line.

If you want to recreate this setup on your machine, you can download the patch here and apply it with

$ patch /usr/share/webmin/passwd/index.cgi > index.patch

Have fun.

See and download the full gallery on posterous

Category: articles | Tags: , , 8 comments »

8 Responses to “Linux password reset via Webmin for endusers”

  1. Dustin

    The code doesn’t work for webmin 1.580. I changed the line to the following to get it function:
    @grid = ““.$remote_user.”“;

    after the edit it worked perfectly. Thanks for the tip!

  2. Dustin

    ok guess i need to put it in code tags….

    @grid = "".$remote_user."";

  3. Dustin

    @grid = ““.$remote_user.”“;

  4. Dustin

    oh jeez im sorry for the mess. I’m trying to be helpful… please delete all my fail if you get around to it.

    inside the href it needs to equal the following:

  5. vis

    the above patch is not working for webmin 1.600.1

    can you help me

  6. Alain M. Lafon

    Sorry, I haven’t worked with Webmin in a while.

  7. vis


    I am getting the below error while patching :

    patching file index.cgi
    Hunk #1 FAILED at 76.
    1 out of 1 hunk FAILED — saving rejects to file index.cgi.rej

  8. lolokoliesko

    its’ potential security hole when user is able to push GET/POST request with “/edit_passwd.cgi?root” to change pass to some other user.. that patch reflects only to gui and verification on server side is missing..
    quite risky way..