开发者

PHP: authenticate local unix user (without direct access to /etc/shadow)

开发者 https://www.devze.com 2023-01-08 13:10 出处:网络
Given a username and password, I need to check if there\'s a user on the local system with said username and password.
相关专题:authenticationpamphp

Given a username and password, I need to check if there's a user on the local system with said username and password.

I'm aware of posix_getpwnam and using the 开发者_高级运维PAM package, but both of these methods require that the PHP script have access to /etc/shadow. I'd rather not mess with permissions of system files or daemon users.

I imagine that this could be done either by messing with standard system commands such as sudo, or by writing my own small setuid C program. I could also try to connect to localhost via FTP or SSH with said username/password to validate it. Is there a simpler way?

If you wanted a more native way you can either roll your own. I would look more into PAM: pam_authenticate.

I mean, you SHOULD be able to create an application that authenticates but doesn't require root using PAM, for example sudo.

But, if you wanted a simpler solution you could just call:

Source login.sh

#!/bin/bash
su $1 < `echo $2` #Need echo for the newline

In the PHP code as an exec statement to login.sh with the first parameter being username and the second being the password.

  1. I believe ftp/ssh is a slick way of doing it assuming the system is always running these.

  2. Another possibility for permissions sake, is to write some script thatll pull those users from /etc/shadow and run this script as a cron job to regularly update it. This script creates a file with permissions only specific to user running your web (apache and what not) and can check with this file or even database the entries to mysql if you really wanted to get crazy.

The first is simple and easy to do, the second is a bit more work. Another way that just came to mind though is to through php execute a system command such as useradd $user and check return. This requires sudo though.

I could also try to connect to localhost via FTP or SSH with said username/password to validate it.

That's what I did in the end (using PHP ssh2 extension). Local commands are also ran via the same connection, under the user's credentials.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9