From owner-freebsd-security Sun Aug 22 8:57:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from spork.cs.unm.edu (spork.cs.unm.edu [198.59.151.21]) by hub.freebsd.org (Postfix) with ESMTP id 1D3E214CE7 for ; Sun, 22 Aug 1999 08:57:39 -0700 (PDT) (envelope-from colinj@cs.unm.edu) Received: from portico.cs.unm.edu ([198.59.151.19]) by spork.cs.unm.edu with esmtp (Exim 2.12 #3) id 11IZzw-0003Ux-00 for freebsd-security@freebsd.org; Sun, 22 Aug 1999 09:57:32 -0600 Received: from colinj by portico.cs.unm.edu with local-esmtp (Exim 2.05 #1 (Debian)) id 11IZzv-0001Sv-00; Sun, 22 Aug 1999 09:57:31 -0600 Date: Sun, 22 Aug 1999 09:57:31 -0600 (MDT) From: Colin Eric Johnson To: freebsd-security@freebsd.org Subject: getting passwored data via a perl cgi Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm in the process of writing a cgi script in perl that should verify people against the machines password file. The problem that I am running into is that if the script is run by anyone other then root I get an empty encrypted password field. I don't want to run the cgi SUID root as this doesn't seem safe. Is there a way to allow other users access to complete password database? I understand, basically, why this is restricted but I'm not sure how else to solve this given FreeBSDs restrictions. thanks Colin E. Johnson | colinj@unm.edu | http://www.unm.edu/~colinj/ Parker always felt things in his bones because, he said, it saved space. -Steven Ayelett, _The Crime Studio_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message