[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Calling (but not including) a ruby script

Christopher

7/3/2006 4:55:00 PM

Hello,

Right now I'm working on a project where I need to authenticate users
against /etc/shadow without authenticating against a mail server or
anything through http authentication.

I have a ruby script that expects a username and password text string,
encrypts the password part of it, and then compares it to /etc/shadow.
It spits out a 1, 2, or 3, depending on if the user is authenticated,
has provided the wrong password, or does not exist at all.

I'd like for the first ruby script (the authentication web-script) to
be able to call that second ruby script without having it run as the
www-data apache2 user or including the file. What is the syntax for
such a call?

Also, related to this, I am of course open to better ways of
authenticating system users, but I can't really sort out a better
method that doesn't involve mirroring /etc/shadow (minus the root user)
to a database of some sort.

Cheers,
Christopher
2 Answers

monitor

7/5/2006 8:50:00 AM

0

Would using backticks do the job? Ie `ruby /path/script args`

cheers
B
monitor@bruntwood.stockport.sch.uk

Christopher wrote:
> Hello,
>
> Right now I'm working on a project where I need to authenticate users
> against /etc/shadow without authenticating against a mail server or
> anything through http authentication.
>
> I have a ruby script that expects a username and password text string,
> encrypts the password part of it, and then compares it to /etc/shadow.
> It spits out a 1, 2, or 3, depending on if the user is authenticated,
> has provided the wrong password, or does not exist at all.
>
> I'd like for the first ruby script (the authentication web-script) to
> be able to call that second ruby script without having it run as the
> www-data apache2 user or including the file. What is the syntax for
> such a call?
>
> Also, related to this, I am of course open to better ways of
> authenticating system users, but I can't really sort out a better
> method that doesn't involve mirroring /etc/shadow (minus the root user)
> to a database of some sort.
>
> Cheers,
> Christopher
X-No-Archive: Yes

Timothy Goddard

7/5/2006 11:56:00 AM

0

In a recent thread
(http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/c5417d4ac8e5c6ca/23f1fa...)
it was explained why accessing /etc/shadow directly should not even be
possible on a reasonably secure computer. Don't do this!

You can use a separate login database or use something like ruby-pam or
kerberos to do the authentication. Using /etc/shadow from any non-root
user account defeats its purpose though and running any web application
as root is just asking to have your system compromised.

Christopher wrote:
> Hello,
>
> Right now I'm working on a project where I need to authenticate users
> against /etc/shadow without authenticating against a mail server or
> anything through http authentication.
>
> I have a ruby script that expects a username and password text string,
> encrypts the password part of it, and then compares it to /etc/shadow.
> It spits out a 1, 2, or 3, depending on if the user is authenticated,
> has provided the wrong password, or does not exist at all.
>
> I'd like for the first ruby script (the authentication web-script) to
> be able to call that second ruby script without having it run as the
> www-data apache2 user or including the file. What is the syntax for
> such a call?
>
> Also, related to this, I am of course open to better ways of
> authenticating system users, but I can't really sort out a better
> method that doesn't involve mirroring /etc/shadow (minus the root user)
> to a database of some sort.
>
> Cheers,
> Christopher