不以root身份运行时如何检查Linux中的登录凭据? [英] How to check login credentials in linux when not running as root?

问题描述

我用C语言编写了一个cgi-bin应用程序，该应用程序在浏览器中运行，并允许用户打开交互式外壳并查看&在Linux机器上编辑文件.它以标准apache"www-data"用户身份运行.我只是在其中添加了一个登录屏幕，用户可以在其中输入用户名和密码(以表格形式)，但是我无法使用 getspnam 对用户进行身份验证，因为该功能仅在以root用户身份运行时有效.

I have written a cgi-bin application in C that runs in a browser and allows the user to open an interactive shell and view & edit files on a Linux machine. It runs as the standard apache "www-data" user. I just added a login screen to it where the user types in their name and password (in a form) but I cannot authenticate the user using getspnam since this function only works when running as root.

不以root用户身份运行时，我必须查看哪些选项来检查用户的登录凭据?

What options do I have to check the login credentials of a user when not running as root?

PS:在我的交互式外壳程序中，我可以键入"su root"，然后输入密码，并且它确实可以提升为root身份，因此显然可以以交互方式完成.

PS: In my interactive shell I can type "su root" and then type in my password and it does elevate to root fine so it obviously can be done interactively.

推荐答案

关于您的PS:好吧，当您执行su root时，您将切换到root用户.所以是的，当然，root可以读取影子文件，大家都准备好了.

With regard to your PS: Well, when you do a su root you're switching to the root user. So yes, of course, root can read the shadow file, you all ready said that.

关于您的问题:无法将您的apache进程临时提升到root(通过调用setuid或类似方法)以执行身份验证吗?

With regard to your problem: Can't you have your apache processes temporarily elevate to root (by calling setuid or similar) to perform the authentication?

祝你好运！

这篇关于不以root身份运行时如何检查Linux中的登录凭据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！