Results 1 to 5 of 5
Hi,
I want to verify the root password. I am using rPath linux and my use case is like this:
1. There is screen in my application through which user ...
- 05-26-2010 #1Just Joined!
- Join Date
- May 2010
- Posts
- 2
How to verify the root password
Hi,
I want to verify the root password. I am using rPath linux and my use case is like this:
1. There is screen in my application through which user can change the root user's password. He provides 2 information in the screen
i. existing password
ii. new password
2. I use a shell script in the back end that uses the "passwd" command to do it. And it doesn't ask for the existing password.
But, my business use case is if user enters wrong existing password, I should not reset the password and throw some error message.
How do I verify the existing root user's password? And also keep in mind that I am already in that linux box (logged in as root).
Plz, help me with this. Also let me now if there is any smarter way of doing it other than "passwd" command.
- 05-26-2010 #2Linux Guru
- Join Date
- Sep 2006
- Location
- 3rd rock from sun - Often seen near moon
- Posts
- 1,568
Here is my suggestion :
#since you logged in as root - passwd not promting for existing root password.
#example root pwd is : abc and i have normal user account called laks
#get root user password from user , user gave " xyz"
#su laks
# now i'm not a root user just a normal user.
# now try to login to root with user given password "xyz"
laks>su root # here pass "xyz"
#if login fails - don't reset the password
#if user gave correct password then - just go ahead and change it.
the key point is - switch between normal user and root user.- Lakshmipathi.G
-------------------
FOSS India Award winning ext3fs Undelete tool and tutorials www.giis.co.in
First they criticize you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
-------------------
- 05-31-2010 #3Just Joined!
- Join Date
- May 2010
- Posts
- 2
Thank you Lakshmipathi.
But, "su" is an interactive command. How do give both username and password in the script file itself ?
- 05-31-2010 #4Linux Guru
- Join Date
- Sep 2006
- Location
- 3rd rock from sun - Often seen near moon
- Posts
- 1,568
Normally "here doc" will be used for interactive shell scripts.Here Documents - But i'm not sure whether su will work with here doc -- because this is serious security issue.
- Lakshmipathi.G
-------------------
FOSS India Award winning ext3fs Undelete tool and tutorials www.giis.co.in
First they criticize you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
-------------------
- 05-31-2010 #5Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,974
Your application is likely running as a root user if it isn't authenticating the old password. This is very, very bad form and can only happen if either the application was started by root, or is suid root (chmod +s appname). If it is running as root, then what it is doing is understandable - the system doesn't know that the connected user isn't root, and just changes it.
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts