
Re: Non-root services?



On 16 Aug 2002 17:13:51 +0200
Nils Olav Selaasdal <noselasd@frisurf.no> wrote:

> On Sun, 2002-08-11 at 15:06, James West wrote:
> >  
> > I'm having some trouble with getting certain services that don't
> > run as root, using pam. 
> >  
> > Namely postgresql runs as user postgres, but I was experimenting
> > with various versions of pam_unix and had no luck getting it to
> > auth, until I messed with permissions of /etc/shadow. 
> >  
> > Now, I'm sure this is a really old and obvious problem. (and if the
> > truth be known I can probably work without it) 
> >  
> > But, is there a way around it?  
> 
> We usually make a new group, shadowreaders, and:
> chgrp shadowreaders /etc/shadow
> chmod g+r /etc/shadow
> 
> and add the users to that group.
> 

I wouldn't do that on my systems.

Unless you want to go back to the time when /etc/shadow did not exist
and Crack (the program) was highly popular, you'd better not loosen
/etc/shadow's permissions, this is where encrypted passwords are kept.

Maybe using some authentication server or a carefully written setuid
binary (-ie- only one program to check, instead of a whole group
potentially running any odd binary on your system), would do it for
your problem ?

I hope what I've just written is not stupid and I wish you a nice day.

--
David
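
A check for the exposure discussed in this thread, as an added example that is not part of the original messages: it reports which non-root accounts can read the password hashes once /etc/shadow is made group- or world-readable. The function names `audit_shadow` and `findings` are hypothetical, chosen for this illustration.

```python
import grp
import os
import pwd
import stat


def audit_shadow(path="/etc/shadow"):
    """Report which non-root accounts the file's mode lets read the hashes."""
    st = os.stat(path)  # stat() needs no read permission on the file itself
    mode = stat.S_IMODE(st.st_mode)
    report = {
        "mode": f"{mode:04o}",
        "world_readable": bool(mode & stat.S_IROTH),
        "group_readable": bool(mode & stat.S_IRGRP),
        "group": None,
        "group_readers": [],
    }
    if report["group_readable"]:
        try:
            entry = grp.getgrgid(st.st_gid)
            name, members = entry.gr_name, set(entry.gr_mem)
        except KeyError:  # gid has no entry in the group database
            name, members = str(st.st_gid), set()
        # Accounts whose primary group is the file's group can read it too.
        members.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == st.st_gid)
        report["group"] = name
        report["group_readers"] = sorted(members - {"root"})
    return report


def findings(report):
    """Turn the report into the statements an administrator would act on."""
    out = []
    if report["world_readable"]:
        out.append(f"mode {report['mode']}: every local account can read the hashes")
    if report["group_readers"]:
        out.append(f"group {report['group']} can read the hashes: "
                   + ", ".join(report["group_readers"]))
    return out


if __name__ == "__main__":
    try:
        for line in findings(audit_shadow()) or ["no group or world read access for user accounts"]:
            print(line)
    except FileNotFoundError:
        print("/etc/shadow not found on this system")
```

Every account listed under `group_readers` can copy the hashes and run an offline cracker against them, including any service account such as postgres that was added to the group.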




