in reply to Re: Unix Authentication
in thread Unix Authentication

Well,
 
This was something that first occurred to me, however the problem is that, after authentication, the web-script will need to actually 'take on' that user's UID/GID etc. and write files in their home directory etc.
 
This could be that the entire script has to be run as suidroot, or maybe there is a way around it. I'm not sure (that's why I ask).
 
 
Any other suggestions?
 
 
______
      \___ _
       __()_\__
______/     \  \---\__________
            /                 \---\
            |     - Nick...       /
            \_____         __/---/
                 \_________/

Re: Re: Re: Unix Authentication
by jwest (Friar) on Apr 12, 2001 at 02:18 UTC
    To change UIDs and GIDs, you'll need root perms. You'll also need them for the password checking initially, at least long enough to read the shadow (or perhaps passwd) file. There's really no way of getting around it.

    The object, however, is to do as little as possible as root, and switch immediately to the new UID/EUID GID/EGID combination.

    Changing them is simple to do in Perl (set $<, $>, $(, $) for UID, EUID, GID, and EGID, respectively), so you'll never have to run the entire script as root. Just take care of what you need to do as root early and carefully, and switch as soon as you can.
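
Added example, not part of the reply above or of any poster's code: one way to make the switch described there permanent and verifiable, so that no saved root UID is left behind. The helper name drop_privileges and the demo at the bottom are assumptions; it uses POSIX::setuid/setgid rather than plain assignment to $< and $>.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();
use English qw(-no_match_vars);   # $UID/$EUID/$GID/$EGID are $< $> $( $)

# drop_privileges() is a hypothetical helper name, not code from the thread.
# Permanently become $user; returns that account's home directory.
sub drop_privileges {
    my ($user) = @_;
    my @pw = getpwnam($user) or die "unknown user '$user'\n";
    my ($uid, $gid, $home) = @pw[2, 3, 7];
    die "refusing to 'drop' to uid 0\n" if $uid == 0;

    # Supplementary groups: every group that lists the user as a member.
    my %groups;
    setgrent();
    while (my ($gname, $pass, $g, $members) = getgrent()) {
        $groups{$g} = 1 if grep { $_ eq $user } split ' ', $members;
    }
    endgrent();

    # 1. Groups first; after the UID changes we may no longer alter them.
    #    Assigning "egid g1 g2 ..." to $EGID also calls setgroups().
    $EGID = join ' ', $gid, $gid, sort { $a <=> $b } keys %groups;
    POSIX::setgid($gid) or die "setgid($gid): $!\n";

    # 2. setuid(2) called as root sets real, effective and saved UID at once,
    #    so there is no saved root UID left to switch back to.
    POSIX::setuid($uid) or die "setuid($uid): $!\n";

    # 3. Verify instead of assuming: IDs match and root cannot be regained.
    die "uid not switched\n" unless $UID == $uid && $EUID == $uid;
    die "gid not switched\n"
        unless (split ' ', $GID)[0] == $gid && (split ' ', $EGID)[0] == $gid;
    die "root can still be regained\n" if defined POSIX::setuid(0);
    return $home;
}

# Demo; must be started as root with a non-root account name as argument.
unless (caller) {
    my $user = $ARGV[0];
    die "usage: $0 username\n" unless defined $user;
    die "must start as root\n" unless $EUID == 0;
    # ... root-only work (e.g. the password check) belongs here, kept short ...
    my $home = drop_privileges($user);
    print "uid=$UID euid=$EUID gid=$GID home=$home\n";
}
```
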
Re: Re: Re: Unix Authentication
by knobunc (Pilgrim) on Apr 11, 2001 at 20:28 UTC

    If you need to run the script as the user who owns it, you will need to have something running as root. You could have a setuid script or you can use the suEXEC features of Apache.

    -ben