[Gambas-user] Program to use different group rights
Rolf-Werner Eilert
rwe-sse at osnanet.de
Mon Nov 26 12:52:09 CET 2018
Maybe there is some kind of system call.
You are right, no one can really make any sense of this hash, but there
must be some chance to get at least some verification like "when the
user types this password, is it correct?".
Is there a commandline program (which could be called from within a
shell) to do that?
Regards
Rolf
On 26.11.2018 at 12:12, Bruce wrote:
> Well, the first thing to note is that /etc/shadow should contain one way
> encrypted information only. So I don't see how you could possibly see
> anything relevant in it?
>
> Sure, if you cat that file (as a root user) you will see some (possibly)
> ASCII strings that represent the passwords - but you can't "un-decrypt"
> them. AFAIK.
>
> As regards your second para, the "shadow" group (AFAICR) is very
> protected. No user, or especially an executable program "should" be able
> to get access. The only way I know is for the executable to obtain
> privilege access via a runtime login as a "root" level user.
>
> Re para 3: From memory, (bad at the best of times), there are at least a
> few system calls that let you:
> - compare an encrypted passkey to the relevant value to the ...
> - currently (kernel level) known value for that passkey.
> - here's the rub, I can't remember whether that is actually obtained
> from a read of the shadow file or whether it's something in ring 0 memory?
>
> So basically, trying to use /etc/shadow passkey authentication in user
> space is a no-no.
>
> AFAICR!
>
> I don't know exactly what your end goal is but I don't think you're on
> the right track.
>
> B
>
> On 11/26/18 9:16 PM, Rolf-Werner Eilert wrote:
>> When a program needs to read from a file which could actually only be
>> read if member of a special group, how would this be achieved?
>>
>> I found that in order to read from /etc/shadow, a program needs to be
>> member of the group "shadow". But when I start a password management
>> program (in GUI) as an ordinary user, this program will be member of
>> my own group only.
>>
>> So how would such a program be able to read my hash from /etc/shadow
>> to verify if I type the right old password first? The new password
>> could be sent to passwd to form and save a new hash, but how to read
>> the old one first?
>>
>> Maybe someone here knows how this is achieved.
>>
>> Regards
>> Rolf
>>
>> ----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
>
>
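The check asked about in this thread ("when the user types this password, is it correct?") works by re-hashing the typed password with the salt stored in the hash field and comparing the two strings, so nothing is decrypted. The following is an added example, not part of the original thread, and assumes the `openssl` command (1.1.1 or later) is installed; the user `alice`, the password, the salt and the function names are constructed for illustration.

```shell
# Added example: check a typed password against a crypt(3) hash field by
# re-hashing it with the stored salt. Assumes openssl 1.1.1+ is installed.

# Constructed sample: shadow-format line for a made-up user "alice" whose
# password is "correct horse" (generated here, not a real entry).
sample_shadow_line() {
    h=$(printf '%s\n' 'correct horse' | openssl passwd -6 -salt Zx81exampleSalt -stdin)
    printf 'alice:%s:17861:0:99999:7:::\n' "$h"
}

# shadow_field LINE: print the hash field (2nd colon-separated field).
shadow_field() {
    printf '%s\n' "$1" | cut -d: -f2
}

# verify_password PASSWORD HASH
# Returns 0 = match, 1 = mismatch, 2 = hash format not handled here.
verify_password() {
    password=$1
    stored=$2

    # Expected layout of the field: $<id>$<salt>$<digest>
    case $stored in
        '$1$'*) flag=-1 ;;   # MD5 crypt
        '$5$'*) flag=-5 ;;   # SHA-256 crypt
        '$6$'*) flag=-6 ;;   # SHA-512 crypt
        *) return 2 ;;       # locked entries ("!", "*"), other schemes
    esac

    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    case $salt in
        ''|rounds=*) return 2 ;;   # custom round counts are not handled here
    esac

    # Same password + same salt => identical string. The password is passed
    # on stdin so it does not appear in the process list.
    candidate=$(printf '%s\n' "$password" |
        openssl passwd "$flag" -salt "$salt" -stdin) || return 2

    [ "$candidate" = "$stored" ]
}

# Demo on the constructed line only; /etc/shadow itself is never read.
line=$(sample_shadow_line)
if verify_password 'correct horse' "$(shadow_field "$line")"; then
    echo "password accepted"
fi
```

Reading the real field from /etc/shadow still needs root or `shadow` group rights; programs normally leave that to PAM, whose pam_unix module calls the privileged helper `unix_chkpwd` so the calling program never opens the file itself.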