using crypt

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

using crypt

Post by miro_igov »

Hello,

I'm trying to make a php script which adds user accounts into red hat system. There is a file called /etc/shadow in which the passwords and other data is saved. What is the encryption method of the passwords in this file ?
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

And the system could be configured to use pam for authentication. I really don't think you should edit this file.
Take a lok at http://www.google.de/search?&q=linux%20useradd
But if you're going to use useradd from a php script be really careful with the parameters.
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

Jenk wrote:Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
Then how the control panels add email accounts ?

@volka it says useradd: command not found
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

That's strange, http://www.mediacollege.com/linux/red-hat/useradd.html
Maybe /usr/sbin wasn't in PATH, maybe because the process wasn't root?
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

Well the process is not under the rot account. But i was able to change the permissions of the shadow file so the php account can write into it.

Is this a security weakness ?
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

miro_igov wrote:
Jenk wrote:Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
Then how the control panels add email accounts ?

@volka it says useradd: command not found
Email accounts do not require User Accounts at OS level.
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

So how an email account could be created ?
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Depends on the Mail Server software.
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

The hosting company said that there is no way to create email accounts without creating system users. They use VPS techology.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

I've never heard of, nor used VPS but I don't believe that for a second.

Is it a POP3 mail server?
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

is there is a pop3 server. VPS is virtual private server.
Post Reply