Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Denis Safronov2015-03-10 22:22:55
User identification
Denis Safronov, 2015-03-10 22:22:55

Authentication/authorization in the site admin panel through Unix users?

Actually, this idea crept into my head. Give access to the site admin based on information about the user in the group on the server (unix users, unix groups)
The meaning is this:
1. The user enters a login and password into the form. After that, the data is checked against those entered on the server (for example, via PAM). If the user is found and the password matches, then go to the next step.
2. We check that the user is in any master group, for example "appadmin". If he is in it, then ...
3. Return the list of groups with a prefix that the user belongs to. (appadmin-users, appadmin-logs, appadmin-articles).
4. In the application, already in the modules, we check if the user is in the desired group.
What does it give? We get rid of the need to use a database to authenticate / authorize users in the admin, just create a user on the user's server, add him to the necessary groups and that's it.
Yes, you can install LDAP, but... with Unix users there is no need to install and configure additional relatively heavy software.
Now the question is, before I wrote the code for all this. How sick is this idea and does it make sense to implement it?
PS Naturally, users are created without houses with the /bin/false shell.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
N
Nazar Mokrinsky, 2015-03-10
@nazarpc

1) In most databases, it already exists
2) It is more convenient to create users in the database
3) With a more detailed differentiation of access rights, you will still need to use some kind of storage
4) Tie to the OS
As for me, the advantages are very doubtful

Report
A
Andrew, 2016-02-01
@iCoderXXI

If there are a dozen or two users, then you can at least somehow pervert, even write to an array.
If there are thousands of them, then I don’t think that the OS will like such perversions ...

Similar questions
H
hckn2018-09-15 18:42:14
Do you want to delete the session or its parameter on logout? 0Reply
V
vlnskii2016-04-25 13:22:27
Redirect after comment in wordpress, how to remove, how to make anonymous comments? 1Reply
Z
zlodiak2014-02-24 13:01:51
How to automatically use the session when authorizing through a script? 0Reply
S
Sergey Petrosyan2018-10-03 19:46:19
How to make authorization on Android + PHP + MySQL? 1Reply
A
Alexey2021-12-09 16:51:34
User authorization by device (smartphone)? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question