Necessity is the mother of all invention they say and so was my case for developing a simple front end for changing samba passwords using django. I am not sure if this is the safest way of doing it and would love if someone would help me in implementing this better. I have listed out the procedure of development and the scripts. This might just well be used as a script.
First I created a user and gave him sudo permission only for changing using pdbedit. In Linux edit the sudo file using visudo command and add this line:
user_name host=/path_to/pdbedit NOPASSWD
I used NOPASSWD so I do not have to authenticate again. I am not sure if this could be a security hole (Please comment on this issue). The user_name will be the one that is executing python for django.
The next step was to create a bash script to run to change the password using pdbedit. Using bash:
#!/bin/bash #Saved as change-samba-password.sh USER=$2 PASS=$1 echo -ne $PASS'\n'$PASS | pdbedit $USER -a -t
Now for the django script:def setSambaPassword(request): if request.method == 'POST': password = str(request.POST['password']) user = str(request.POST['user']) command = "sudo /path_to/change-samba-password.sh " + password + ' ' + user args = shlex.split(command) p = subprocess.Popen(args) return HttpResponse('<h1>Success</h1>') else: return HttpResponse('<h1>Failure</h1>')
All you have to do is create a view to send the user name and password to this function. This is just on my test system and have not yet implemented it to the live machine. But this just saved me a huge process of resetting passwords using a shell and to bring a centralized system to reset passwords for other protocols too. Do let me know if there is a better way to do this, a more secure way. As my server is strictly for local network usage I feel I can take the risk but would like to implement it on a larger scale too.Advertisements