Hi Guys,

Would it be possible to restrict the daemon access using certain strings just like key generator? Like you know I can generate SHA1 string and unless and until that string is passed certain services will not start. I mean just like serial key for software but not exactly as such serial key but wanted to restirct access of services.

Can we do that or does anyone have any better idea than this? Let say I want DNS should not be started unless and until the SHA1 string is entered which is of only one time initially as well as can I keep the access for certain days and daemon will automatically stop.

Like say for 365 days and if the new SHA1 key is not entered daemon will stop automatically after 365 days.

Seems to be weird, huh

You can configure sudo/sudoers to allow certain users to run certain commands like 'systemctl start bind'. And you can require sudo to require a password when running the commands. So -- change the user password to this sha1 sum and you have what you are describing.

Not sure what the difference between a SHA1 sum and a complex password is.

You might further refine that suggestion by using a one-time password setup and then doling out the passwords one at a time.

An obvious one is that any hash can't be attacked by a dictionary attack.

But what the OP seems to talk about is some kind of restricted, time-limited access control (whether it is for security or paid-service reason).

Your sudoer "hack" can do the trick, or at least be a temporary workaround.

Cheers.

Neither can a 'complex' password.

SHA1sum - 68cd0415d0917a830166e4802fb6a581f418f4a8
Complex Password - 2%5pbc94vkCB5J5G94QLBGM2#AXc$8EZB3@x0(nj

OP: Why SHA1?

Well I didn't know that "complex password" had an official specification of being randomly generated, although "random password" can be classified within "complex password" group.

Anyway, the OP problems sounds to me like a "commercial licensing" key for customers. SHA1 or "whatever" could do the job, maybe because he already have this kind of key, but it's a detail.

Problem with what he asks is, there are a lot of chance that it will require a specialized daemon to check the key on one side, and being able to kill the "secure service" once the date is over... But anyway it sounds like a solution full of security holes which is the main problem (depending on the "criticalness" of the subject of course).

Well kinda of security key but I dont mind that is hackable or can be cracked but for at least something you know for show off reason a key is entered and then only a daemon has started. The basic idea is I can generate a file which has person name, address and duration and that file then passed through SHA1 sum which can be used to start the daemon once? Further to that probably restricting access if it does not work its OK. I can manually keep a track of it.

And what does bash have to do with this licening problem?

1 members found this post helpful.

I have read this thread several times and am not really any closer to understanding the point of your question. It would be helpful (if only for myself) if you could provide a better, more complete description of your overall objective.

Specifically, you have focused on doing this with a bash script, but there is no obvious reason for that.

You also say it is "kinda of security key" (aka license key), but you need to provide a more complete description of how it will be deployed and used for us to understand why it is only "kinda" and not "really" a license key - you are quite vague on that point.

Is this code to be used only on your own system? If so the sudo approach might apply. If not, then how is the script/key to be distributed to others, what daemons it would affect and in what context is it to be run by those others on their own systems?

A more complete description of your actual intended use case would go a long way toward clearing up these questions.