On 23/08/17 14:59, Anton Aylward wrote:
> On 23/08/17 09:03 AM, Paul Groves wrote:
>
> The authentication you go on to describe is not particularly impressive. Someone could have hacked in to the browser making the connection before the connection was set up. It's just a password.
>
>> The site is internal only and will never allow external connections.
>
> Your confidence in the, I suppose it is the firewall, must gladden the heart of many hackers :-) Not least of all those that know how to bypass same.
>
> Then there's what amounts to variations on 'phishing' and other modes of subverting innocent and unsuspecting users to do things that they do not understand or think about the security implications of.
>
> Finally there are the, well, let's call them "malicious insiders". In gentler times these were the curious who wanted to learn how the 'system' worked and poked around. UNIX-of-old was remarkably open back then :-) But back then there wasn't so much of critical importance to protect, even from the non-malicious curious who might accidentally break something. These days we don't have that tolerance.
>
>> How could I log in securely if not using their password?
>
> Certificates, just like with SSH?
> One time codes sent to their phone?
> Proxy mechanism courtesy of Google or others?
> User specific challenge/response?
> Hardware token (aka 'dongle')?
>
> Perhaps the problem lies in the way the question is being asked. Why would YOU want to log in using THEIR password?

I will start from the beginning as there has obviously been some confusion. (Sorry it is so long but I wanted to make sure I have covered everything):

Currently there are 4 administrator users (IT Department). They are all in the sudo group on this server, giving them access to run administrative tasks. For example, the aforementioned users can log in via ssh (internal network only) using their credentials and run sudo useradd to create new users. (SSH is only open to the IT department IP addresses, by the way.)

Now the problem lies in having to train all of these staff exactly which commands to type in. Especially every year when there are several hundred to do (it is a school). The chance for human error is very high and it causes a lot of work correcting everything.

So to save these problems, I have been asked to make a PHP based web console for the technicians to perform routine tasks such as this. Therefore eliminating the human factor.

This server is already running apache for our internal portal. So I have made another virtualhost for the console. This virtualhost only allows connections from the IT department IP addresses (same as our sshd_config). Also the virtualhost uses a non-standard port that has been opened in the firewall only for the IT department IP addresses. (Same as port 22 is configured for ssh.) The virtualhost also required the user to log in and only allows users in the sudo group on this server (therefore only the 4 IT administrators).

So now I have a php site that only the IT staff from the computers in the IT department can access. I have written a script for each of the required tasks. One example is creating users.

So basically the goal is to have the IT admin log into the console on their browser. Go to the add user page. Check everything is correct for the new user(s) then clicks 'create' which then executes the add user script like so:

sudo php /srv/script/addusers.php users_array

where the users argument is a multi-dimensional array containing username, Full name, groups, home directory path etc... for each user to be created.

Here lies the problem. The script will only work using sudo (because of useradd or chown, chmod and other commands which cannot be run as the www user). This is what I need help with.

So I would like to run the script as the logged in IT Admin's account perhaps? The console could prompt them to authenticate and pass this information into the sudo command. Therefore when (let's call him Bob) Bob the technician does the above on the web page, the sudo command will be run under Bob's username and require Bob's password. And because Bob is in the sudo group the sudo command will then authenticate and run the script successfully. Exactly the same as Bob logging in and typing sudo php /srv/script/addusers.php users_array then entering his password for sudo.

Let's be clear, I do not want to run apache as root (like webmin does) because this is a ridiculous idea in terms of security as I am sure you will all agree. apache should be run as its own restricted user (usually www or wwwrun). Only the specified scripts should be allowed to run as root and only when a sudo user authenticates them to run.

Hopefully this has been a clearer description of the problem? If anyone knows how I can go about this in a secure manner I would very much appreciate a solution. Or also any better ideas?

Yours bashing-his-head-on-the-desk-ly
Paul :-)
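
An added example, not part of the original post and not Paul's script: one way the root-side script behind the console could validate each record of the users array and build useradd argument vectors instead of shell strings. The field names, the allowed-group list and the /home layout are assumptions.

```php
<?php
// Added example. Field names, ALLOWED_GROUPS and the /home layout are assumptions.
const ALLOWED_GROUPS = ['students', 'staff'];  // hypothetical; never sudo/wheel/root

function validate_user(array $u): array
{
    $errors = [];
    $str = fn($k) => isset($u[$k]) && is_string($u[$k]) ? $u[$k] : '';
    // Conservative login-name pattern; /D stops "$" matching before a trailing newline.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/D', $str('username'))) {
        $errors[] = 'username';
    }
    // GECOS text: no ':' or ',' (passwd field separators) and no control characters.
    if (!preg_match('/^[^:,\x00-\x1f\x7f]{1,64}$/Du', $str('fullname'))) {
        $errors[] = 'fullname';
    }
    // Home must sit under /home; the character class rules out ".." segments.
    if (!preg_match('#^/home/[a-z0-9_-]+(/[a-z0-9_-]+)*$#D', $str('home'))) {
        $errors[] = 'home';
    }
    $groups = isset($u['groups']) && is_array($u['groups']) ? $u['groups'] : [];
    $bad = array_filter($groups, fn($g) => !in_array($g, ALLOWED_GROUPS, true));
    if (!$groups || $bad) {
        $errors[] = 'groups';
    }
    return $errors;
}

function useradd_argv(array $u): array
{
    // An argument vector, not a shell string: nothing to quote or escape.
    // proc_open() accepts this array form directly from PHP 7.4 onwards.
    return ['/usr/sbin/useradd', '-m', '-d', $u['home'], '-c', $u['fullname'],
            '-G', implode(',', $u['groups']), '--', $u['username']];
}

function plan_batch(array $users): array
{
    $plan = ['commands' => [], 'rejected' => []];
    foreach ($users as $i => $u) {
        $errors = is_array($u) ? validate_user($u) : ['record'];
        if ($errors) { $plan['rejected'][$i] = $errors; }
        else { $plan['commands'][] = useradd_argv($u); }
    }
    return $plan;
}

// Constructed sample input: one clean record, one that must be refused.
$sample = json_decode('[{"username":"jsmith","fullname":"Jane Smith","groups":["students"],"home":"/home/jsmith"},
  {"username":"bob;id","fullname":"Bob","groups":["sudo"],"home":"/etc"}]', true);
echo json_encode(plan_batch($sample), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

The second record is rejected on username, home and groups, so a request from the web console cannot create an account in the sudo group or place a home directory outside /home.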