Authentication/authorization in the site admin panel through Unix users?
Actually, this idea crept into my head: give access to the site admin panel based on information about the user and their groups on the server (Unix users, Unix groups).
The idea is this:
1. The user enters a login and password into the form. After that, the data is checked against what is stored on the server (for example, via PAM). If the user is found and the password matches, then go to the next step.
2. We check that the user is in some master group, for example "appadmin". If he is in it, then ...
3. Return the list of prefixed groups that the user belongs to (appadmin-users, appadmin-logs, appadmin-articles).
4. In the application, already in the modules, we check if the user is in the desired group.
What does it give? We get rid of the need to use a database to authenticate/authorize users in the admin panel: just create a user on the user's server, add him to the necessary groups, and that's it.
Yes, you can install LDAP, but... with Unix users there is no need to install and configure additional relatively heavy software.
Now the question, before I write the code for all this: how sick is this idea, and does it make sense to implement it?
PS Naturally, users are created without home directories and with the /bin/false shell.
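Steps 2 to 4 of the scheme above, as an added example that is not part of the original post. It assumes step 1 (PAM authentication) has already succeeded; the function names, the username pattern and the sample group table are assumptions made for illustration.

```python
import grp
import pwd
import re
from collections import namedtuple

MASTER_GROUP = "appadmin"      # master group named in the question
PREFIX = MASTER_GROUP + "-"    # appadmin-users, appadmin-logs, ...
# Conservative login-name pattern (assumption); anything else is rejected.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

Group = namedtuple("Group", "gr_name gr_gid gr_mem")  # same fields as grp entries


def user_groups(username, primary_gid, group_db):
    """All group names for the user. The primary group is matched by gid
    because it is not listed in gr_mem and is easy to miss."""
    return {g.gr_name for g in group_db
            if username in g.gr_mem or g.gr_gid == primary_gid}


def admin_permissions(username, primary_gid=None, group_db=None):
    """Steps 2-3: set of module names the user may access, or None
    (deny) if the name is invalid, unknown, or not in the master group."""
    if not USERNAME_RE.fullmatch(username):
        return None
    try:
        if primary_gid is None:
            primary_gid = pwd.getpwnam(username).pw_gid
    except KeyError:
        return None
    if group_db is None:
        group_db = grp.getgrall()   # real host data when nothing is injected
    names = user_groups(username, primary_gid, group_db)
    if MASTER_GROUP not in names:
        return None
    return {n[len(PREFIX):] for n in names if n.startswith(PREFIX)}


def can_access(permissions, module):
    """Step 4: per-module check inside the application."""
    return permissions is not None and module in permissions


# Constructed sample group database (not taken from a real host).
SAMPLE_DB = [
    Group("appadmin", 2000, ["alice"]),
    Group("appadmin-users", 2001, ["alice", "bob"]),
    Group("appadmin-logs", 2002, ["dave"]),
    Group("appadmin-articles", 2003, ["alice"]),
    Group("staff", 100, ["alice", "bob"]),
]
```

Membership in a prefixed group alone grants nothing here: a user outside the master group is denied even if listed in `appadmin-users`.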
1) In most databases, it already exists
2) It is more convenient to create users in the database
3) With a more detailed differentiation of access rights, you will still need to use some kind of storage
4) It ties you to the OS
As for me, the advantages are very doubtful