LinuxQuestions.org


stomach 09-17-2005 07:06 PM

A Great Problem With Permissions
 
I have a challenge that compromises security a little,
but it is necessary and will be very well managed.
I installed the AUTH+PAM module in Apache.
I needed to give read permission on the file /etc/shadow,
but only to the group shadow-readers.

For this configuration to reach its final result, I needed to run Apache with this group "shadow-readers".
The site itself has the documentation to make it work this way.

And it really works perfectly.

The Problem:

Over the course of the day,
I noticed that when modifying the password of a user with the command passwd,
the permission of the file /etc/shadow changes automatically.

This only occurs when modifying the password with the command "passwd".
I can add users, delete them...
It only occurs with the command "passwd".

See an example below:

Code:

root@firewall /etc# chmod 640 shadow
root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow


It works perfectly.

But if some user logs in over ssh and changes their password
using the command "passwd",
the file shadow automatically loses the permissions that I set.




Code:

root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow

This happens when any user changes their password!

So I come through this post to ask you gentlemen
if it is possible for me to solve this problem.
I have been at it for many days, and I have not obtained a positive result.

I would like to thank everyone for their patience,
and once more apologize for my English.

Have a good night.

eightbits 09-18-2005 03:55 AM

I'm not sure that can be done without some coding. I think the permissions settings are hard coded into the passwd program itself. You can try to download the package from shadow.pld.org.pl and see if you can recompile it with options for changing the permissions settings of the passwd program, but I don't think the options exist in the configs. You can of course try to go through the source before compiling and try to rip out the code that messes with permissions. But, this is a terrible thing to do and I recommend against it.

The best thing would be for you to tell us exactly what you're trying to accomplish. Instead of getting read permissions to /etc/shadow, tell us why you want read permissions. There is almost definitely a better way. If you're trying to come up with a web-based authentication scheme, there are most certainly better methods. For instance, htaccess, LDAP, etc...
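Added example, not part of any post in this thread and not code from passwd or PAM: a scratch-file demo of how a manual chmod can be lost on update, under the assumption (not confirmed on this page) that the updater creates a new file with a hard-coded mode and renames it over the old one. The function names and the file shadow-demo are made up for the illustration.

```shell
#!/bin/sh
# Constructed demo on a scratch file; nothing under /etc is touched.

# Octal mode and inode number of a file (GNU/busybox stat, as on Linux).
mode_of()  { stat -c '%a' "$1"; }
inode_of() { stat -c '%i' "$1"; }

# Hypothetical updater: build a new private file, then rename it over the
# old one. The target becomes a NEW inode carrying the new file's mode and
# owner, so any chmod/chown applied to the old file is gone.
replace_by_rename() {
    target=$1; tmp="$target.new.$$"
    ( umask 077; printf '%s\n' "$2" > "$tmp" )
    chmod 600 "$tmp"            # fixed mode, as assumed above
    mv -f "$tmp" "$target"
}

# Updater that overwrites in place: same inode, so the metadata survives.
rewrite_in_place() { printf '%s\n' "$2" > "$1"; }

# Report drift from an expected mode; exit status 1 means drift.
check_mode() {
    actual=$(mode_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK    $1 mode $actual"
    else
        echo "DRIFT $1 mode $actual, expected $2"
        return 1
    fi
}

demo() {
    dir=$(mktemp -d); f="$dir/shadow-demo"
    printf 'user:HASH-PLACEHOLDER\n' > "$f"      # constructed sample content
    chmod 640 "$f"
    before=$(inode_of "$f")
    rewrite_in_place "$f" 'user:HASH-PLACEHOLDER-2'
    check_mode "$f" 640 || true                  # still 640
    replace_by_rename "$f" 'user:HASH-PLACEHOLDER-3'
    check_mode "$f" 640 || true                  # now 600: drift reported
    [ "$before" = "$(inode_of "$f")" ] || echo "inode changed: new file"
    rm -rf "$dir"
}
demo
```

The same check_mode call can be run from cron or a monitoring agent against a real file to flag a mode change after a password update.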

stomach 09-18-2005 08:52 AM

OK, thanks.

It is necessary with the same PAM.
The same password as the operating system.

