This came up on the CB the other day -- don't know if you're the same person, or the friend that guy was trying to help out, or someone else entirely, but I'll try to summarize the many good points that were brought up then.
First of all, changing passwords through a CGI script opens up some potentially huge security holes. If you don't require an SSL connection, anyone on the network can sniff out the passwords. Your CGI script will have to run as root to modify the passwd/shadow files, which means that any bugs or vulnerabilities in your script could have severe consequences for the entire system.
If you are determined to do this anyway,
using established techniques and
CPAN modules (such as
is probably much safer than trying to come up with your
If you want to change a linux password, you have to go through the shadow file and change it, one way or another.
Trying to force a perl script to communicate with the system's passwd command, which is meant to be run interactively, is just asking for trouble.
A little effort on your part now to learn about how linux passwords work and how to use the perl tools that manipulate them will save you a lot of headaches later.