Gentoo Archives: gentoo-user

From: Stroller <stroller@××××××××××××××××××.uk>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] [OT?] /etc/shadow perms group shadow?
Date: Sat, 15 Nov 2008 06:45:59
Message-Id: 6F2D4BFE-875F-4C7C-AD39-F4686D861BEF@stellar.eclipse.co.uk
In Reply to: [gentoo-user] [OT?] /etc/shadow perms group shadow? by Michael Higgins
On 15 Nov 2008, at 00:57, Michael Higgins wrote:
> ...
> An application runs as a web server. In this application I have
> hooks to PAM. The results I was getting from attempting to authorize
> against PAM were fruitless, until I looked at making a way for the
> user running this to read /etc/shadow.
>
> At any rate, I wound up making a group "shadow" and making
> /etc/shadow owned by group shadow and group-readable, adding my user to
> this group. Now it works great.
>
> Isn't this something Gentoo should have a mechanism for handling
> already, or am I totally off the mark here? Does anyone know if this
> ability to read /etc/shadow to authenticate on a system is somehow
> deprecated in favor of something else, or just overlooked in Gentoo
> land... or what? '-)

Isn't this deprecated in favour of PAM? I think you want to be
looking at why that wasn't working & at fixing it. What if an
administrator wants to install your app on a system where users
authenticate against LDAP?

Sorry to sound negative, but there must be some books / HOWTOs about
PAM which show minimal programming examples. I'd copy one of those and
see why it won't work on your system or how your code differs.

Stroller.
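
Added example, not part of the original message or thread: a Python check for the setup described in the quoted text, a group-readable /etc/shadow with a service account in the owning group. It reports which non-root accounts the file mode lets read the password hashes; the function name and its parameters are illustrative assumptions.

```python
import grp
import os
import pwd
import stat


def shadow_exposure(path="/etc/shadow", groups=None, users=None):
    """Report which non-root accounts the file mode lets read `path`.

    groups: iterable of (name, gid, members); users: iterable of
    (name, uid, primary_gid). Both default to the live system databases;
    they are parameters (an assumption of this example) so the check can
    also run on constructed data.
    """
    st = os.stat(path)  # stat needs no read permission on the file itself
    mode = stat.S_IMODE(st.st_mode)
    if groups is None:
        groups = [(g.gr_name, g.gr_gid, g.gr_mem) for g in grp.getgrall()]
    if users is None:
        users = [(u.pw_name, u.pw_uid, u.pw_gid) for u in pwd.getpwall()]

    readers = set()
    if mode & stat.S_IRGRP:
        # Supplementary members of the group that owns the file ...
        for _name, gid, members in groups:
            if gid == st.st_gid:
                readers.update(members)
        # ... and accounts whose primary group is that group.
        for name, _uid, gid in users:
            if gid == st.st_gid:
                readers.add(name)
    readers.discard("root")
    return {
        "mode": oct(mode),
        "owner_uid": st.st_uid,
        "world_readable": bool(mode & stat.S_IROTH),
        "group_readers": sorted(readers),
    }


if __name__ == "__main__":
    report = shadow_exposure()
    print(report)
    if report["world_readable"] or report["group_readers"]:
        print("password hashes are readable by accounts other than root")
```

Any account listed under group_readers can read every user's password hash, so a compromise of the web application running as that account exposes all of them to offline cracking.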

Replies

Subject Author
Re: [gentoo-user] [OT?] /etc/shadow perms group shadow? Michael Higgins <linux@×××××××.org>