Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

possilbity to set authentification for user uid 0 #58

Closed
nephaste opened this issue Sep 9, 2015 · 8 comments
Closed

possilbity to set authentification for user uid 0 #58

nephaste opened this issue Sep 9, 2015 · 8 comments
Labels
kind/question

Comments

@nephaste
Copy link

nephaste commented Sep 9, 2015

Hi Yudai,

can it be possible to set authentification using the uid 0 user for example.

this could allow Qnap users to log with the admin user (no root on qnap) set on their box, instead to set a custom user/password

I think it could be a good enhancement for Gotty.
@yudai
Copy link
Owner

yudai commented Sep 15, 2015

Hi @nephaste,
Let me clarify your request. You want to run your actual command with a different UID?

How about using sudo like

gotty sudo top

@nephaste
Copy link
Author

Hi Master Yudai

no i mean to use the password authentification "-c" flag
actually i run gotty with a custom user and password qnap:qn@p

gotty -p "8586" -w -c qnap:qn@p "/bin/sh" &

i would like to use the embedded linux user "admin" (is root on Qnap)

sorry if i was not clear enough

@haliphax
Copy link

So really, you want gotty to use the operating system's authentication method (pamd, etc.)...

@yudai
Copy link
Owner

yudai commented Sep 15, 2015

The -c option of gotty is not related to the users of your OS. You can use any username and password (including admin) with the -c option.
The owner of your gotty process will be the owner of the shell you are running to launch gotty. Child processes created by gotty (/bin/sh) will be owned by the same user as well. There is no relationship between the -c option and those PIDs.

Therefore, if you want to run gotty itself with PID0, you can just run like sudo gotty /bin/sh (the owner of both gotty and /bin/sh will be PID0).
If you want to run only /bin/sh with PID0, you can run like gotty sudo /bin/sh (in this case, you may need to edit the sudors file to run sudo without a password).

Instead of /bin/sh, it might be a better way to use just /bin/login or ssh to use OS's authentication system. If you want to integrate gotty with a HTTP-level authentication like PAM or something, it's out of the scope of gotty, I believe. Gotty can provide really a light way authentication (basic auth), however, if you need a stricter authentication, perhaps setting up a proxy in front of gotty like nginx and Apache is the way to go.

@nephaste
Copy link
Author

Hi Yudai,

thanks for the feedback, i will try with /bin/login didnt think about it :)

@nephaste
Copy link
Author

confirm work as expected with /bin/login ;)

@ariselseng
Copy link

I am thinking about using "gotty /bin/login" as a way to login to my server without a terminal. Is this in any way considered safe? I mean it is using the OS own authentication. Is it safe?

@yudai
Copy link
Owner

yudai commented Oct 13, 2015

@cowai Maybe no body can make sure that using /bin/login with gotty is safe. It depends on your requirements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yudai @ariselseng @haliphax @nephaste