Hi,
We're looking at using libnss-mysql (with Kerberos auth) but the difficulty we're having is a secure and safe way to allow users change shell and gecos info from the command line. If you have a world readable file with the MySQL password, anyone can make the changes. Setting it suid root is not something we'd like to do.
Any other suggestions?
Regards,
Cian Davis
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I realize this is an extremely late reply ---
You need a program that can access MySQL, but doesn't allow users to see the password. One option is a program that's chmod'ed 711 and contains the password in the program itself. Another option is a web program with the program and/or password readable only by the webserver. The third obvious option is suid-root -- the same solution the 'passwd' program uses. This is actually probably the safest (properly written) because it likely prevents the user from reading the in-memory copy of the program to determine the password contained in the script. I'd research that option first.
It's the problem inherent in a database without row-level permissions (where, e.g. LDAP, works quite well).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
We're looking at using libnss-mysql (with Kerberos auth) but the difficulty we're having is a secure and safe way to allow users change shell and gecos info from the command line. If you have a world readable file with the MySQL password, anyone can make the changes. Setting it suid root is not something we'd like to do.
Any other suggestions?
Regards,
Cian Davis
I realize this is an extremely late reply ---
You need a program that can access MySQL, but doesn't allow users to see the password. One option is a program that's chmod'ed 711 and contains the password in the program itself. Another option is a web program with the program and/or password readable only by the webserver. The third obvious option is suid-root -- the same solution the 'passwd' program uses. This is actually probably the safest (properly written) because it likely prevents the user from reading the in-memory copy of the program to determine the password contained in the script. I'd research that option first.
It's the problem inherent in a database without row-level permissions (where, e.g. LDAP, works quite well).