[Gambas-user] Program to use different group rights

Charlie Ogier charlie at cogier.com
Mon Nov 26 15:44:09 CET 2018


Hi Bruce,

If you are looking for a way to use 'sudo' in your Gambas program have a 
look at 'Sudo_solution' that I published on the Gambas Farm. You need 
only add the 'Authenticate' Form to your program then you can do things 
like: -

Authenticate.Command("cp ~/file.txt /usr/bin/file.txt")
sString = Authenticate.Command("fdisk -l")

Charlie

On 26/11/2018 11:12, Bruce wrote:
> Well, the first thing to note is that /etc/shadow should contain one 
> way encrypted information only. So I don't see how you could possibly 
> see anything relevant in it?
>
> Sure, if you cat that file (as a root user) you will see some 
> (possibly) ASCII strings that represent the passwords - but you can't 
> "un-decrypt" them. AFAIK.
>
> As regards your second para, the "shadow" group (AFAICR) is very 
> protected. No user, or especially an executable program "should" be 
> able to get access. The only way I know is for the executable to 
> obtain privilege access via a runtime login as a "root" level user.
>
> Re para 3: From memory, (bad at the best of times), there are at least 
> a few system calls that let you:
> - compare an encrypted passkey to the relevant value to the ...
> - currently (kernel level) known value for that passkey.
> - here's the rub, I can't remember whether that is actually obtained 
> from a read of the shadow file or whether it's something in ring 0 
> memory?
>
> So basically, trying to use /etc/shadow passkey authentication in 
> user space is a no-no.
>
> AFAICR!
>
> I don't know exactly what your end goal is but I don't think you're on 
> the right track.
>
> B
>
> On 11/26/18 9:16 PM, Rolf-Werner Eilert wrote:
>> When a program needs to read from a file which could actually only be 
>> read if member of a special group, how would this be achieved?
>>
>> I found that in order to read from /etc/shadow, a program needs to be 
>> member of the group "shadow". But when I start a password management 
>> program (in GUI) as an ordinary user, this program will be member of 
>> my own group only.
>>
>> So how would such a program be able to read my hash from /etc/shadow 
>> to verify if I type the right old password first? The new password 
>> could be sent to passwd to form and save a new hash, but how to read 
>> the old one first?
>>
>> Maybe someone here knows how this is achieved.
>>
>> Regards
>> Rolf
>>
>> ----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
>
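
The group-rights question in the quoted thread above, as an added example that is not part of the original messages: a POSIX shell version of the classic Unix owner/group/other read check, showing why a process started by an ordinary user is refused on a file readable only by its group. The function names, the uid/gid numbers and the root:shadow mode 640 ownership are assumptions for illustration; ACLs and capabilities other than root's are ignored.

```shell
#!/bin/sh
# Added example: classic Unix (DAC) read-permission decision.
# All uid/gid numbers and the 640 mode are constructed sample values.

# dac_class UID "GID LIST" FILE_UID FILE_GID
# Prints the single permission class that applies: owner, group or other.
# The first match wins; the classes are never combined.
dac_class() {
    uid=$1; gids=$2; fuid=$3; fgid=$4
    if [ "$uid" -eq "$fuid" ]; then echo owner; return; fi
    for g in $gids; do
        if [ "$g" -eq "$fgid" ]; then echo group; return; fi
    done
    echo other
}

# dac_can_read UID "GID LIST" FILE_UID FILE_GID OCTAL_MODE
# Exit status 0 if a process with these credentials may open the file to read.
dac_can_read() {
    mode=$5
    # uid 0 normally bypasses the mode bits entirely.
    [ "$1" -eq 0 ] && return 0
    case $(dac_class "$1" "$2" "$3" "$4") in
        owner) bits=$(( (0$mode >> 6) & 7 )) ;;
        group) bits=$(( (0$mode >> 3) & 7 )) ;;
        other) bits=$(( 0$mode & 7 )) ;;
    esac
    # Bit value 4 is the read bit of the selected class.
    [ $(( bits & 4 )) -ne 0 ]
}

# Assumed layout: file owned by uid 0, group 42 ("shadow"), mode 640.
# A GUI program started by uid 1000 inherits only that user's groups.
for grouplist in "1000 27" "1000 42"; do
    if dac_can_read 1000 "$grouplist" 0 42 640; then r=readable; else r=denied; fi
    echo "uid 1000, groups [$grouplist]: shadow file $r"
done
```
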
