....
For the love of god, please use 389 Directory Server or OpenLDAP!
Speaking from experience with 389 DS, it'll not only give you the user
interface you're looking for out of the box, but it'll also be a heck of
a lot more secure and robust than your PHP solution.
Kindest regards,
Jan Middelkoop
Recreatie en Zorg Groep B.V.
--
Website: http://www.recreatie-zorg.nl/
E-mail: j...@recreatie-zorg.nl
Telephone: +31 10 714 22 97
Op 09-11-12 16:11, Robert Lefebvre schreef:
Hi,
I want to be able to give "write to the etc/passwd file" privileges to
the teachers so that they can suspend and restore their student's user
privileges.
I am fairly proficient with PHP so I began the project by building a
script that manages all of this but I ran into a snag when I tried to
have PHP save the file back because of the permissions associated with
the passwd file. As sudo, I can manually open etc/passwd with gedit
and I deactive a user simply by changing their group from being 100 to
empty (they then can't login). To reinstate them I change their group
back to 100. Most of the suspensions are for disciplinary reasons and
are not very long.
In the PHP script I read the file (only display student users), make
changes with a form , save the specs in a MySql suspension log along
with a restoration date and time.
Now I want to overwrite the current file with the edited one. I also
hope to have a cron write to the file also to automatically restore
the privileges.
As a brief experiment I expanded the permissions to the file and was
able to write to it with PHP but if I do, after all, decide to do this
I want to make as small of a security hole for php as possible so I am
asking for security related ideas for enabling php to write to the
passwd file.
I've Googled, of course, and see some possibiliteies with htaccess. It
seems like I could grant write privileges to php but wondered if I
could get even more restrictive with htaccess so that only the actual
php file could write?
And any other ideas would be welcomed too, even including "What! Don't
do it!".
Thanks
Robert
--
BungeeBones.com - A B2B Link Exchange - Free Links in limited
locations - human edited and reviewed - Networked online advertising
business opportunities available through our free, distributed web
directory script
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
