Detaching program from controlling terminal
julian at lava.net
Tue Jun 15 13:44:57 PDT 2004
On Tue, 15 Jun 2004, Ihsan Junaidi Ibrahim wrote:
> Hi all,
> I'm somehow stuck in the loop now and am hoping some of you can give me
> pointers on how to proceed. Due to a customer requirement, I need to
> build a simple web-based (via cgi or php) script to change the system
> password. They found that sshing to the server and typing passwd to
> change the password is wee too involving hence the need to use a much
> friendlier interface. Letting the sysadmins change the user's password
> is not a good idea, as the sysadmins are outsourced and the users value
> their privacy. FYI, all the users has a /sbin/nologin shell set. I'm
> running FreeBSD 5.2.1.
> I understand there are two primary way to change a user's password,
> either via passwd or pw. Since pw is a root-only program, that doesn't
> seem the best way to do it over the web so I'm left with passwd.
> Since passwd gets its input from the controlling terminal, I simply
> cannot get an environment variable passed via stdin. Reading over
> daemon(8) I finally got it that I need to detach passwd from the
> controlling terminal and run it as a daemon.
passwd(1) is designed to be interactive -- to do this it interacts with
/dev/tty, which is defined if you have a controlling terminal. Since
the web server runs as a daemon and has no controlling terminal, passwd
won't work and you are out of luck. (Using daemon(8) to run passwd
doesn't get you anywhere since it is detaches from the controlling
terminal as well.) The only way you can acquire a controlling terminal
at this point is to allocate a pair of pseudo-tty devices and fake
an interactive session with passwd. This is difficult to program.
Fortunately, there is a program called poppassd (part of Qualcomm's
qpopper package) which knows how to do this. It runs as a daemon
to listen on a network port and uses a simple protocol to accept
a username and the old and new passwords. The protocol itself is
supported by some mail programs (in particular, Qualcomm's Eudora),
but it's also possible to interact with it via a CGI program using
If you don't go the route of using pw(8), then I recommend doing it
using the above method. In fact, there is an old CGI written in Perl
somewhere on the net that handles the web portion and uses poppassd as
its backend. I don't remember the name of it, sorry, but it should be
possible to Google for it. It sounds like it would do what you want.
> This is where I entered the loop and never seem to get out of it. I
> couldn't get passwd to run properly because once it entered daemon mode,
> it locked up the whole terminal and subsequent tries also suffered the
> same fate.
> If there's something that I have missed or there's better alternatives,
> please point it out. :)
In the Year 2000 (tm)... "I will convert to Judasism and change my
trademark Fa Shizzle My Nizzle to Sheiztle Fa Zeitzel." -- Snoop Dog
More information about the freebsd-questions