From: Jamie C. <jca...@we...> - 2002-06-05 00:48:04
|
Scott MacKay wrote: > > Actually, found the problem. > > In save_passwd.cgi, the section > if ($config{'passwd_cmd'}) { > > is missing something. After the > @user || &error($text{'passwd_euser'}); > > it should have the line > &can_edit_passwd(\@user) || > &error($text{'passwd_ecannot'}); > > This would be consistent with the else clause and the > previous modules. Absolutely correct .. there is now an update at http://www.webmin.com/updates.html that fixes this as well. > Also, if the original 'index.cgi' called > can_edit_passwd, that would be a little more > consistent. Yeah, but if there are a lot of users calling can_edit_passwd repeatedly would be very slow. > For me, I added the following changes: > 1) Only allow normal and expired passwords to be > reset. (Expires is the password set to '*expired*' for > me). This allows you to keep peeps form giving a > password to a system account > 2) Disallow password to be changed for UID <=100 > This was done (hopefully correctly) by doing the > following in can_edit_passwd: > > if ($_[0]->[2]<=100 || $_[0]->[1] =~ 'NP' || > > (($_[0]->[1]=~/^[*]+.*$/)&&($_[0]->[1]!~/\*expired\*/))) > { > return 0; > } There is already support for controlling access by UID though. You can just enter 100 as the minimum, and enter no maximum. - Jamie |