Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.
Moderator: General Moderators
miro_igov
Forum Contributor
Posts: 485 Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria
Post
by miro_igov » Mon Oct 02, 2006 6:21 am
Hello,
I'm trying to make a php script which adds user accounts into red hat system. There is a file called /etc/shadow in which the passwords and other data is saved. What is the encryption method of the passwords in this file ?
Jenk
DevNet Master
Posts: 3587 Joined: Mon Sep 19, 2005 6:24 am
Location: London
Post
by Jenk » Mon Oct 02, 2006 6:42 am
Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
volka
DevNet Evangelist
Posts: 8391 Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger
Post
by volka » Mon Oct 02, 2006 6:49 am
And the system could be configured to use pam for authentication. I really don't think you should edit this file.
Take a lok at
http://www.google.de/search?&q=linux%20useradd
But if you're going to use useradd from a php script be really careful with the parameters.
miro_igov
Forum Contributor
Posts: 485 Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria
Post
by miro_igov » Mon Oct 02, 2006 6:51 am
Jenk wrote: Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
Then how the control panels add email accounts ?
@volka it says useradd: command not found
miro_igov
Forum Contributor
Posts: 485 Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria
Post
by miro_igov » Mon Oct 02, 2006 7:48 am
Well the process is not under the rot account. But i was able to change the permissions of the shadow file so the php account can write into it.
Is this a security weakness ?
Jenk
DevNet Master
Posts: 3587 Joined: Mon Sep 19, 2005 6:24 am
Location: London
Post
by Jenk » Mon Oct 02, 2006 8:02 am
miro_igov wrote: Jenk wrote: Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
Then how the control panels add email accounts ?
@volka it says useradd: command not found
Email accounts do not require User Accounts at OS level.
miro_igov
Forum Contributor
Posts: 485 Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria
Post
by miro_igov » Mon Oct 02, 2006 8:06 am
So how an email account could be created ?
Jenk
DevNet Master
Posts: 3587 Joined: Mon Sep 19, 2005 6:24 am
Location: London
Post
by Jenk » Mon Oct 02, 2006 9:02 am
Depends on the Mail Server software.
miro_igov
Forum Contributor
Posts: 485 Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria
Post
by miro_igov » Mon Oct 02, 2006 10:40 am
The hosting company said that there is no way to create email accounts without creating system users. They use VPS techology.
Jenk
DevNet Master
Posts: 3587 Joined: Mon Sep 19, 2005 6:24 am
Location: London
Post
by Jenk » Mon Oct 02, 2006 11:18 am
I've never heard of, nor used VPS but I don't believe that for a second.
Is it a POP3 mail server?
miro_igov
Forum Contributor
Posts: 485 Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria
Post
by miro_igov » Mon Oct 02, 2006 12:17 pm
is there is a pop3 server. VPS is virtual private server.