[Gambas-user] Program to use different group rights

Bruce adamnt42 at gmail.com
Mon Nov 26 12:59:07 CET 2018


Try here for a start.
https://en.wikipedia.org/wiki/Linux_PAM

(It is sooooo long since I have tried to cope with this stuff - about 
the last days of Gambas 1.)

Best of luck.
B

On 11/26/18 10:22 PM, Rolf-Werner Eilert wrote:
> Maybe there is some kind of system call.
> 
> You are right, no one can really make any sense of this hash, but there 
> must be some chance to get at least some verification like "when the 
> user types this password, is it correct?".
> 
> Is there a commandline program (which could be called from within a 
> shell) to do that?
> 
> Regards
> Rolf
> 
> 
> Am 26.11.2018 um 12:12 schrieb Bruce:
>> Well, the first thing to note is that /etc/shadow should contain one 
>> way encrypted information only. So I don't see how you could possibly 
>> see anything relevant in it?
>>
>> Sure, if you cat that file (as a root user) you will see some 
>> (possibly) ASCII strings that represent the passwords - but you can't 
>> "un-decrypt" them. AFAIK.
>>
>> As regards your second para, the "shadow" group (AFAICR) is very 
>> protected. No user, or especially an executable program "should" be 
>> able to get access. The only way I know is for the executable to 
>> obtain privileged access via a runtime login as a "root" level user.
>>
>> Re para 3: From memory, (bad at the best of times), there are at least 
>> a few system calls that let you:
>> - compare an encrypted passkey to the relevant value to the ...
>> - currently (kernel level) known value for that passkey.
>> - here's the rub, I can't remember whether that is actually obtained 
>> from a read of the shadow file or whether it's something in ring 0 
>> memory?
>>
>> So basically, trying to use /etc/shadow passkey authentication in 
>> user space is a no-no.
>>
>> AFAICR!
>>
>> I don't know exactly what your end goal is but I don't think you're on 
>> the right track.
>>
>> B
>>
>> On 11/26/18 9:16 PM, Rolf-Werner Eilert wrote:
>>> When a program needs to read from a file which could actually only be 
>>> read if member of a special group, how would this be achieved?
>>>
>>> I found that in order to read from /etc/shadow, a program needs to be 
>>> member of the group "shadow". But when I start a password management 
>>> program (in GUI) as an ordinary user, this program will be member of 
>>> my own group only.
>>>
>>> So how would such a program be able to read my hash from /etc/shadow 
>>> to verify if I type the right old password first? The new password 
>>> could be sent to passwd to form and save a new hash, but how to read 
>>> the old one first?
>>>
>>> Maybe someone here knows how this is achieved.
>>>
>>> Regards
>>> Rolf
>>>
>>> ----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
>>
>>
>>
> 
> 
> ----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
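
Added example, not part of the thread or of any poster's code: the "hash" discussed above is structured text, and a verifier running with access to /etc/shadow re-hashes the typed password with the stored scheme and salt and compares the results, so nothing is ever decrypted. The sketch below only parses that structure; the function name and the sample lines in its checks are constructed for illustration, and the salts and digests are fake.

```python
# Added example: split a shadow(5) line and describe its password field.
# It never computes or compares a hash; it only shows what is stored.

SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # applies when no rounds= parameter is stored


def parse_shadow_line(line):
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields")
    pw = fields[1]
    info = {"name": fields[0], "locked": False, "scheme": None,
            "rounds": None, "salt": None, "can_verify": False}
    if pw.startswith("!"):
        # passwd -l prefixes "!" so that no typed password can match
        info["locked"] = True
        pw = pw.lstrip("!")
    if not pw.startswith("$"):
        # "", "*" or a legacy/unknown format: nothing further to parse
        return info
    parts = pw.split("$")  # ["", id, (params,) salt, digest]
    if len(parts) < 4:
        info["scheme"] = "unknown"
        return info
    info["scheme"] = SCHEMES.get(parts[1], "unknown")
    if parts[1] in ("5", "6"):
        if len(parts) == 5 and parts[2].startswith("rounds="):
            info["rounds"] = int(parts[2][len("rounds="):])
            info["salt"] = parts[3]
        else:
            info["rounds"] = SHA_CRYPT_DEFAULT_ROUNDS
            info["salt"] = parts[2]
    elif parts[1] == "1":
        info["salt"] = parts[2]
    # A verifier can only re-hash and compare for an unlocked, known scheme
    info["can_verify"] = not info["locked"] and info["scheme"] != "unknown"
    return info
```
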

