I host some websites for people with a simple server. I can't afford nifty things like cpanel, and I don't want to waste memory on a giant blob of perl like webmin. I am wondering if anyone has come up with a script so my users can change their password. I tried Googling but I couldn't find much.
Someone should have come up with something. It would be good if it asked for the current password.
Yes, the users have shell access, know how to follow directions, and how to type.
No. And you shouldn't do that. It is a big security hole. Even cPanel does not allow you to change password for user just like that. You need to enter the old one first.
Why should anyone need to change their mysql password often?
There is a big security problem when you'd allow your users to reset their own passwords, or add new users to the MySQL server - this requires MySQL root access - sure it can be accessed via the mysql command ( mysql -u root -p ) but you don't want to give users something like that.
But you can have a bash script (or ruby/python/php ) script that would be run as the root user to add new users or modify passwords for existing MySQL users.
If these are users you trust (know them personally and you know that they can will not mess this up) you can setup a sort of a admin account for them which would have access to do this sort of thing - sure they would have access to the whole MySQL server via that.
Another approach would be to setup a "admin" group which would have access to the mysql admin script, the script can read the mysql root password that is only readable by root and the "admin" group, thus allowing them to proceed. Also create a list of user IDs that the script would read and deny access to any user ID that isn't in the list.
The thing with the web panels is that they give out limited MySQL functionality trough their scripts, and you would need to authorize first as a valid user.
But without such panels, left in the CLI world, you rely on yourself or the few that you trust to do the actual modification. There are great security implications to think of, even if you think you won't get exploited, someone could have courage to play God because they feel they can do it and mess everything up.
