Re: Special setuid wrapper for Mango
- From: Olav Vitters <olav bkor dhs org>
- To: gnome-infrastructure gnome org
- Subject: Re: Special setuid wrapper for Mango
- Date: Thu, 30 Jul 2009 14:43:51 +0200
On Thu, Jul 30, 2009 at 02:42:41PM +0200, Olav Vitters wrote:
> Could someone write a setuid wrapper for me?
>
> I'd like people to be able to reset their Mango LDAP password. For this
> I'd like to have it work by allowing people to do:
> ssh -l $USERID mango.gnome.org mango
>
> The fake mango command would call the setuid mango (not setuid root!)
> script named:
Ehr.. to be clear: /usr/local/bin/mango-reset is a C program, which
calls /usr/local/bin/mango-reset.py
> /usr/local/bin/mango-reset (or something)
> which calls:
> /usr/local/bin/mango-reset.py $ORIGINAL_ID (or something, ENV variable
> is also ok, at long as everything stays secure)
>
>
> So I need a secure /usr/local/bin/mango-reset.c which checks which user
> called it (so e.g. if someone logs in, I'd like to have my Python script
> *securely* know which password / uid to reset.
> Note: I prefer a number for the userid, e.g. 7810 or something. Think
> that is more secure.
>
> Could someone write above for me, securely?
>
> Note: We already have something for signal-ftp-sync. Can't reuse it as I
> want to know who called the setuid wrapper.
>
> --
> Regards,
> Olav
--
Regards,
Olav
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]