[Gambas-user] Program to use different group rights

Bruce adamnt42 at gmail.com
Mon Nov 26 12:12:38 CET 2018


Well, the first thing to note is that /etc/shadow should contain one-way 
encrypted information only. So I don't see how you could possibly see 
anything relevant in it?

Sure, if you cat that file (as a root user) you will see some (possibly) 
ASCII strings that represent the passwords - but you can't "un-decrypt" 
them. AFAIK.

As regards your second para, the "shadow" group (AFAICR) is very 
protected. No user, or especially an executable program "should" be able 
to get access. The only way I know is for the executable to obtain 
privileged access via a runtime login as a "root" level user.

Re para 3: From memory, (bad at the best of times), there are at least a 
few system calls that let you:
- compare an encrypted passkey to the relevant value to the ...
- currently (kernel level) known value for that passkey.
- here's the rub, I can't remember whether that is actually obtained 
from a read of the shadow file or whether it's something in ring 0 memory?

So basically, trying to use /etc/shadow passkey authentication in user 
space is a no-no.

AFAICR!

I don't know exactly what your end goal is but I don't think you're on 
the right track.

B

On 11/26/18 9:16 PM, Rolf-Werner Eilert wrote:
> When a program needs to read from a file which could actually only be 
> read if member of a special group, how would this be achieved?
> 
> I found that in order to read from /etc/shadow, a program needs to be 
> member of the group "shadow". But when I start a password management 
> program (in GUI) as an ordinary user, this program will be member of my 
> own group only.
> 
> So how would such a program be able to read my hash from /etc/shadow to 
> verify if I type the right old password first? The new password could be 
> sent to passwd to form and save a new hash, but how to read the old one 
> first?
> 
> Maybe someone here knows how this is achieved.
> 
> Regards
> Rolf
> 
> ----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
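
The situation described in the question, modelled as an added example (not part of either message and not Gambas code): the classic Unix read-permission decision, applied to an /etc/shadow that is assumed to be owned by root:shadow with mode 0640. The name `dac_can_read` and the sample uid/gid values are constructed for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic Unix read check: exactly one class applies (owner, else group,
 * else other). Assumption: euid 0 holds CAP_DAC_OVERRIDE and always passes;
 * ACLs and security modules are not modelled. */
int dac_can_read(mode_t mode, uid_t owner, gid_t group,
                 uid_t euid, gid_t egid, const gid_t *supp, int nsupp)
{
    if (euid == 0)
        return 1;
    if (euid == owner)
        return (mode & S_IRUSR) != 0;
    int in_group = (egid == group);
    for (int i = 0; i < nsupp && !in_group; i++)
        in_group = (supp[i] == group);
    return in_group ? (mode & S_IRGRP) != 0 : (mode & S_IROTH) != 0;
}

/* Constructed sample: /etc/shadow as root:shadow 0640, shadow = gid 42,
 * ordinary user = uid/gid 1000 with one extra supplementary group. */
enum { SHADOW_MODE = 0640, SHADOW_GID = 42, USER_ID = 1000 };
static const gid_t USER_GROUPS[] = { 1000, 27 };

int main(void)
{
    printf("sample user, own groups only: %d\n",
           dac_can_read(SHADOW_MODE, 0, SHADOW_GID, USER_ID, USER_ID, USER_GROUPS, 2));
    printf("same user, effective gid shadow: %d\n",
           dac_can_read(SHADOW_MODE, 0, SHADOW_GID, USER_ID, SHADOW_GID, USER_GROUPS, 2));

    /* Live check for the calling process against the real file. */
    struct stat st;
    gid_t groups[1024];
    int n = getgroups(1024, groups);
    if (n < 0 || stat("/etc/shadow", &st) != 0) {
        perror("getgroups or stat /etc/shadow");
        return 1;
    }
    printf("/etc/shadow is %04o uid=%u gid=%u; this process may read: %s\n",
           (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid, (unsigned)st.st_gid,
           dac_can_read(st.st_mode, st.st_uid, st.st_gid,
                        geteuid(), getegid(), groups, n) ? "yes" : "no");
    return 0;
}
```

Run as an ordinary desktop user, the live check reports the same result as the first sample line whenever the process's group list does not include the file's group.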

