Prevent web UI password change by web user

This commit is contained in:
DL6ER 2016-12-13 15:52:28 +01:00
parent 1509eb7d82
commit 004ba28378
1 changed files with 12 additions and 0 deletions

View File

@ -41,6 +41,18 @@ SetTemperatureUnit(){
SetWebPassword(){ SetWebPassword(){
if[ "$SUDO_USER" == "www-data" ]; then
echo "Security measure: user www-data is not allowed to change webUI password!"
echo "Exiting"
exit 1
fi
if[ "$SUDO_USER" == "lighttpd" ]; then
echo "Security measure: user lighttpd is not allowed to change webUI password!"
echo "Exiting"
exit 1
fi
# Remove password from file (create backup setupVars.conf.bak) # Remove password from file (create backup setupVars.conf.bak)
sed -i.bak '/WEBPASSWORD/d' /etc/pihole/setupVars.conf sed -i.bak '/WEBPASSWORD/d' /etc/pihole/setupVars.conf
# Set password only if there is one to be set # Set password only if there is one to be set