By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,825 Members | 1,388 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,825 IT Pros & Developers. It's quick & easy.

Reading unix group info and user info

P: n/a
Hi,

Can someone please guide me as to how one reads group/user info of *nix
servers using PHP? Is it possible at all? I need to authenticate people
on a secure local website by looking at their group and user rights. Any
info would be of great help! thanks,
Steve

Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
>Can someone please guide me as to how one reads group/user info of *nix
servers using PHP? Is it possible at all? I need to authenticate people
on a secure local website by looking at their group and user rights. Any
info would be of great help! thanks,


Do you want to securely read the group/user permissions of a user
running on a client machine with PHP on a server machine, where the
two machines are different? This probably can't be done with
anything remotely resembling security, especially if it is possible
for the user running the client machine to boot one of the latest
viruses instead of unix. Essentially, the client can LIE and there's
not a whole lot the server can do about it, short of running something
like Kerberos.

Also, does having root permission on the client machine actually
MEAN anything to the server? I have root privileges on lots of
machines, not including those owned by any bank, and the bank server
really shouldn't be impressed by that fact.

Gordon L. Burditt
Jul 17 '05 #2

P: n/a
Steve wrote:
Hi,

Can someone please guide me as to how one reads group/user info of *nix
servers using PHP? Is it possible at all? I need to authenticate people
on a secure local website by looking at their group and user rights. Any
info would be of great help! thanks,
Steve


Just to clarify, are you basically trying to authenticate people against
/etc/passwd ?

This might be more easily done with the web server if you are using apache.

http://www.apacheref.com/ref/mod_auth/AuthUserFile.html
http://httpd.apache.org/docs/mod/mod_auth.html

If you can achieve this, then you won't need to bother writing a
security module for your app. I think there are ways of extracting who
the user is logged in as from the apache environment variables. Check
the php manual. Then you can implement access control on your
application's resources from a database lookup or something. maybe:
$arrGroups = file("/etc/groups");
foreach($arrGroups AS $strGroup) { ...tokenizer... }

Jul 17 '05 #3

P: n/a


Terence wrote:
Steve wrote:
Hi,

Can someone please guide me as to how one reads group/user info of
*nix servers using PHP? Is it possible at all? I need to authenticate
people on a secure local website by looking at their group and user
rights. Any info would be of great help! thanks,
Steve


Just to clarify, are you basically trying to authenticate people against
/etc/passwd ?

This might be more easily done with the web server if you are using apache.

http://www.apacheref.com/ref/mod_auth/AuthUserFile.html
http://httpd.apache.org/docs/mod/mod_auth.html

If you can achieve this, then you won't need to bother writing a
security module for your app. I think there are ways of extracting who
the user is logged in as from the apache environment variables. Check
the php manual. Then you can implement access control on your
application's resources from a database lookup or something. maybe:
$arrGroups = file("/etc/groups");
foreach($arrGroups AS $strGroup) { ...tokenizer... }


Thanks a lot! This is what I was trying to do.. howerver, there's a
twist to the story. I now realize that I want to authenticate users
where the /etc/passwd file is on another server. I have root privileges
to that machine and I'm not sure what to do. I have LDAP running on that
server too. Should I use a combination of LDAP and PAM to do this?
Basically, I want people to enter their login and passwords on machine A
and I want machine A to look for the passwd files and their groups on
machine B. any suggestions? Thanks again,

Cheers,
Steve

Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.