[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shadow passwords and GNU su

Christoph Lameter:
> Note that the webserver behavior is quite customary for a lot of
> other apps as well. They all rely on the standard UNIX /etc/passwd layout.

Which apps are you referring to?  Most programs that do authentication
already run as root anyway (to be able to become the user), others
(such as xlock) are setuid root, but they get the user's encrypted
password at startup, and then do setuid(getuid()) as soon as possible.

> Perhaps we can work out something to make those applications work?

One possibility is to have a small setuid root program to do the
authentication, logs failures etc. and run it from the unprivileged


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: