ubuntu - Linux, store credentials with process and it's children, grandchildren? -


i'm working on little side project on linux(ubuntu) require 1 authenticated access service. idea authentication should stored process , it's children, , not linux user itself.

this authentication should done calling example "myapplogin" username, password , script/application(any application) run these credentials. want possible retain these credentials in children made process, , grandchildren , on.

i have looked @ few options capability.

  1. store login id or in environment variables. is, far know, passed on children. however, environment variables can written process, allowing possibly gain access should not have.

  2. when logging in, store process id of process logged in, , on every operation service, check if has stored pid, or if anywhere in it's ancestry stored pid exists. possibly become slow if ancestry grows large, , if service accessed often. option cache pid in ancestry, can have security implications pid reuse in os.

  3. using process groups , link login, can changed process itself, allowing possibly join existing group without logging in.

is there way this? preferably should stored process, new children inherits, not possible process overwrite, , readable externally kernel module.

maybe i'm overlooking obvious? grateful input on =)

i can provide 2 methods depends on kinds of "services" mentioned:

1.if services mentioned like: network management, disk mounting/umounting, etc. following:

the linux kernel implements capability mechanism. kernel has defined various capabilities. these capabilities can assigned different users. , basic rule of capability is: assign minimum set of privilege 1 user accomplish mission.

so can use capability idea, need is:

(1) list services need limit access.

(2) define new capabilities or use existing capabilities listed services.

(3) change kernel source codes check capabilities of 1 process when access services listed. usually, these checks located in system call entries.

(4) make changes init/login processes' source codes, when user login system, assign necessary capabilities different users according access control rules.

2.if services mentioned executing kind of system commands.

(1) create file such watch_dog or else under /etc/ directory, in file, can define format list specific users can execute specific commands. of course, file format can fancy, such regular expression can used. parse file, bison or lex/yacc can used.

(2) during linux kernel initialization, file /etc/watch_dog can parsed.

(3) during process fork(), set /etc/watch_dog rules process related task_struct.

(4) in exec() entry, apply /etc/watch_dog rules check whether can execute program or not.


Comments

Post a Comment

Popular posts from this blog

php - get table cell data from and place a copy in another table -

two-part question: have 2 tables: 1 table items , other table selected items copied when add button clicked. after, when items wanted selected, there 'finished' button post items selected db. i started javascript didn't far @ because jquery seems better suited i'm not familiar it function addto() { var div = document.getelementbyid('fixeddiv','inside'); div.innerhtml = div.innerhtml + 'item added'; } <div id='fixeddiv'> <table align="center" id="tradee"> <th rowspan="2"> other item</th> <?php while($rowi =$item->fetch_assoc()) {?> <tr> <td> <?php echo $rowi['item_name']; ?> </td> <td><?php echo $rowi['item_description'];?></td> </tr> <?php } ?> </table> <br> <table align="center" id="tradetable"
Read more

javascript - Mootools wait with Fx.Morph start -

i trying var effect = new fx.morph(testmorph, { wait/delay 2 seconds before starting. ( fiddle here ) but when try .wait(2000) or .delay(2000) , or .wait(2000, effect) uncaught typeerror: object [object object] has no method 'delay' any ideas how working? code i'm using: var testmorph = document.id('testmorph'); var effect = new fx.morph(testmorph, { transition: 'back:out', duration: 900, link: 'chain' }).start({ 'top': 20, 'opacity': 1 }).start({ 'border-color': '#a80025', 'color': '#a80025' }); effect.delay(2000); you can use combination of chain() , delay() achieve desired effect. new fx.morph(testmorph, { transition: 'back:out', duration: 900, link: 'chain' }).start().chain(function(){ this.start.delay(2000,effect,{ //first }); }).chain(function(){ this.start({ //second }); }); the
Read more

php - Navigate throught databse rows -

i run image hosting site, , ive run problem. want make 2 buttons beside pic "next image" , "prev image". im new php/mysql , haveing troubles. check out got. use id (numbers) find correct row, have image name build next link. how make below query next , prev image names + ids? $query_next = ("select imageid, image_name images image_name = '$image_main' order imageid desc limit 1"); $query_prev = ("select imageid, image_name images image_name = '$image_main' order imageid asc limit 1"); // next $next = mysql_query($query_next); // prev $prev = mysql_query($query_prev); while ($row = mysql_fetch_assoc($next)) { $next = $row['image_name']; } while ($row = mysql_fetch_assoc($prev)) { $prev = $row['image_name']; } the html = > simple stuff. <a href="http://mysite.com/view_image/<?=$next?>">next image</a> <a href="http://mysite.com/view_image/<?=$pr
Read more