On Sat, Nov 10, 2012 at 09:47:58PM +0100, rustyBSD wrote:
> Hi,
> is there a way to use auth_userokay() without setgid
> to "auth" ?
> <snip>
> So it seems that I have to setgid to "auth", and my binary
> must be setuid.
>
> Am I wrong ? Is there a way of authenticating without being
> setuid ?

There's also setgid (chmod g+s). You can't check a password without having the proper privilege. Otherwise anybody on the system could run dictionary attacks.
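
An added example, not code from this thread or from OpenBSD: a preflight check that the process really holds the "auth" group (as effective gid or as a supplementary group) before it calls auth_userokay(), so a binary installed without `chmod g+s` fails with a clear message. The helper names `process_has_gid` and `process_in_group` are hypothetical, and the auth_userokay() call is compiled only on OpenBSD.

```c
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __OpenBSD__
#include <login_cap.h>
#include <bsd_auth.h>
#endif
/* 1 if gid is the effective gid or a supplementary group, 0 if not, -1 on error. */
int process_has_gid(gid_t gid)
{
    if (getegid() == gid)
        return 1;
    int n = getgroups(0, NULL);          /* ask for the list size first */
    if (n <= 0)
        return n;
    gid_t *list = calloc((size_t)n, sizeof(*list));
    if (list == NULL)
        return -1;
    int found = 0;
    n = getgroups(n, list);
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            found = 1;
    free(list);
    return n < 0 ? -1 : found;
}
/* Same result for a group name; -1 if the group does not exist. */
int process_in_group(const char *name)
{
    struct group *gr = getgrnam(name);
    return gr == NULL ? -1 : process_has_gid(gr->gr_gid);
}

int main(int argc, char **argv)
{
    (void)argc; (void)argv;
    if (process_in_group("auth") != 1) {
        fprintf(stderr, "not in group \"auth\": install with group auth and chmod g+s\n");
        return 1;
    }
#ifdef __OpenBSD__
    /* NULL style, type and password: default style, interactive prompt. */
    if (argc == 2)
        puts(auth_userokay(argv[1], NULL, NULL, NULL) ? "accepted" : "rejected");
#endif
    return 0;
}
```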