Re: privilege separation daemon ?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: privilege separation daemon ?
- From: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>
- Date: Fri, 18 Apr 2003 20:50:54 -0400
- Mail-followup-to: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>, misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: misc_(_at_)_openbsd_(_dot_)_org
What does this do that I don't do by having the (effectively)
NIS information in LDAP and a socket in the chroot area (or a
chat with 127.0.0.1:389)?
Quoting mailing (mailing_(_at_)_skreel_(_dot_)_org):
> I have been working on a little daemon that allows getpw* and getgr* calls to
> be performed via a unix socket. The goal was to be able to authenticate users
> while in a chroot()-ed environment without having to copy the passwd database
> inside the chroot(). It appeared to me that with a few modifications, this
> could be easily transformed into a 'privilege separation' daemon, allowing
> applications to authenticate users without having to run as root as long as
> they have enough privileges to read and write to the socket.
> I was wondering if anyone would be interested in that, the code still needs a
> bit of work (mostly cleaning) and if it can be helpful to any of you, let me
> know :)
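
Added example, not code from either poster: the idea in the quoted message written out in C, with a helper process that answers getpwnam() lookups over a Unix socket so that the client needs only the socket and not the passwd database. The `pw_reply` wire format and the names `serve`, `remote_getpwnam` and `start_helper` are assumptions made for illustration, as is the choice to return uid, gid and home directory but never the password hash.

```c
/* Added example: passwd lookups served over a Unix socket by a helper process. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { NAMELEN = 64 };                 /* assumed maximum request size */
struct pw_reply { int found; uid_t uid; gid_t gid; char dir[256]; }; /* constructed wire format */

/* Helper side: runs outside the chroot, where the passwd database is readable. */
static void serve(int fd) {
    char name[NAMELEN];
    ssize_t n;
    while ((n = recv(fd, name, sizeof(name) - 1, 0)) > 0) {
        struct pw_reply r;
        memset(&r, 0, sizeof(r));
        name[n] = '\0';
        struct passwd *pw = getpwnam(name);
        if (pw != NULL) {
            r.found = 1; r.uid = pw->pw_uid; r.gid = pw->pw_gid;
            snprintf(r.dir, sizeof(r.dir), "%s", pw->pw_dir);
        }
        /* The password hash is deliberately never sent to the client. */
        if (send(fd, &r, sizeof(r), 0) != (ssize_t)sizeof(r)) break;
    }
}

/* Client side: returns 0 if found, 1 if no such user, -1 on error. */
int remote_getpwnam(int fd, const char *name, struct pw_reply *out) {
    size_t len = strlen(name);
    if (len == 0 || len >= NAMELEN) return -1;   /* reject empty or oversized names */
    if (send(fd, name, len, 0) != (ssize_t)len) return -1;
    if (recv(fd, out, sizeof(*out), 0) != (ssize_t)sizeof(*out)) return -1;
    return out->found ? 0 : 1;
}

/* Fork the helper; returns the client's end of the socket pair, or -1. */
int start_helper(pid_t *pid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    *pid = fork();
    if (*pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) { close(sv[0]); serve(sv[1]); _exit(0); }
    close(sv[1]);
    return sv[0];  /* a real client would now chroot() and drop privileges */
}
```

A standalone daemon would listen on a named socket placed inside the chroot area instead of using socketpair(), and access to the lookups would then be governed by the permissions on that socket.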