
Re: Can only root use PAM to auth against /etc/shadow?



On Mon, 2002-02-11 at 10:19, Tim Dijkstra wrote:
> Hi,
> 
> I'm trying to get some app to use PAM to authenticate against /etc/shadow.
> -rw-r-----    1 root     shadow       1184 Jan 31 02:06 /etc/shadow
> Shouldn't it be enough for the app to
> be a member of the 'shadow' group for this to work? Or are there any
> other restrictions?
> (Works fine when I make /etc/shadow world-readable, but don't want that
> of course)

The app would have to be running with its effective gid set to shadow. 
Simply doing a chgrp shadow /bin/myapp is not enough.  You would also
need to chmod g+s /bin/myapp.  Be careful, however.  If /bin/myapp
allows people to read arbitrary files, people will be able to read
/etc/shadow (which is really close to making it world-readable).

Mike
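
Added example, not part of the original message or of any project's code: one way to limit the exposure described in the reply above is for a setgid-shadow program to finish its authentication step first and then permanently drop the shadow group before it opens any path supplied by the user. The function names drop_setgid_group and open_user_file are hypothetical, and the authentication step itself is left as a comment.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700        /* declares setregid()/setegid() */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up the group granted by the setgid bit.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_setgid_group(void)
{
    gid_t rgid = getgid();       /* group of the invoking user */
    gid_t old_egid = getegid();  /* "shadow" when installed g+s */

    /* Setting the real gid also resets the saved set-group-ID,
     * so the old effective group cannot be switched back in. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;
    /* Non-root processes must now be unable to regain the group. */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Open a caller-supplied path, refusing while still privileged. */
FILE *open_user_file(const char *path)
{
    if (getegid() != getgid()) {
        errno = EPERM;
        return NULL;
    }
    return fopen(path, "r");
}

int main(int argc, char **argv)
{
    /* Privileged step: authenticate here, while egid is still shadow. */
    if (drop_setgid_group() != 0) {
        perror("drop_setgid_group");
        return 1;
    }
    FILE *f = (argc > 1) ? open_user_file(argv[1]) : NULL;
    if (f)
        fclose(f);
    return 0;
}
```
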





