I need to write a script getPwd.pl($user) that parses a password file and returns the password for a particular user.

file to parse (password.txt)

DEFINE ALICE = 'alice#1';
DEFINE BENICE = 'benice#1';
DEFINE CATHY = 'cathy#1';

A second script authUser.pl must call getPwd.pl($user) and the returned value will be passed into the second script to authenticate a user.

Modules are not an option as the getPwd.pl will be owned by a different user and I will be using sudo to execute getPwd.pl.

Please assist and provide some guidance on how to go about this.

  • Redesign the system so the password file is world readable but contains hashed and salted passwords. Commented Nov 21, 2011 at 6:51
  • I do not have the option to redesign the password file. Commented Nov 21, 2011 at 6:53
  • Where exactly is your problem in doing this? Commented Nov 21, 2011 at 6:55
  • My problem is in passing values from one script to the other. Commented Nov 21, 2011 at 7:13

2 Answers

I agree that the system, as a whole, should be fixed. And if you can execute sudo then you certainly have the ability to fix the problem!

However, to answer the actual question, the best thing to do would be to call getPwd.pl as a command (not as a function like you've shown above).

my $pwd = `getPwd.pl $user`;

And then take the $pwd argument as the response.

However, if you can at least make the other file a module or a sourced file you'd be much better off.

You can simply print the value extracted from the password file, and use backticks or qx() to capture it in the authorization script. E.g.:

my $pass = qx(/path/to/password.pl cathy);

The password script might be something as simple as:

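my $name = shift // die "Usage: $0 user\n";
open my $fh, '<', '/path/to/password.txt' or die $!;
while (<$fh>) {
    # \Q...\E makes the name match literally instead of as a regex
    /^DEFINE \Q$name\E =/i && last; # Optional /i modifier for case insensitive match
}

# Same /i as above, otherwise a lowercase name ends the loop but prints nothing
if ($_ && /^DEFINE \Q$name\E = '([^']+)'/i) { # Must check $_ is not empty
    print $1;
}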

8 Comments

Thanks. Is there a way of avoiding printing the password? I know this is required for the backticks.
@user621092 Why would you want to avoid printing the password?
Security by obscurity concerns? I think that ship sailed when you put plain text passwords in a file. Any user who can execute getPwd.pl successfully can also read the password file. If you load getPwd.pl as a module into your script, you can pass the password as a variable within the script. But then you would have to run the authorization script with sudo, and then the whole point of two scripts would be moot.
Yes security concerns. My idea is that only a single user will be able to execute the script as set up in sudoers. Does execute rights also mean read rights to the file?
Well, someone who can sudo getPwd.pl can also sudo cat password.txt. If you do not have read rights as sudoer, you cannot open the password file for reading, perl will die and report Permission denied. Even if you could pass it without printing, it would be possible to extract somehow. If you want security, this is not the way to go.
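
The two-script hand-off discussed above, as an added example that is not code from either answer: the helper matches the user name literally, and the caller captures its output through a list-form pipe open so the name never passes through a shell. The names lookup_password, capture and the pwowner account are assumptions, and the password file is constructed sample data in the question's format.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Helper role (what getPwd.pl would do): exact, literal match on the name.
sub lookup_password {
    my ($file, $user) = @_;
    return unless defined $user && $user =~ /\A\w+\z/;   # plain names only
    open my $fh, '<', $file or die "open $file: $!";
    while (my $line = <$fh>) {
        # \Q..\E keeps the name literal, so '.*' cannot match the first entry
        return $1 if $line =~ /^DEFINE \Q$user\E = '([^']+)';/i;
    }
    return;
}

# Caller role (what authUser.pl would do): list-form pipe open, no shell.
sub capture {
    my @cmd = @_;
    open my $out, '-|', @cmd or die "cannot run $cmd[0]: $!";
    my $value = do { local $/; <$out> };
    close $out;                      # sets $? to the child's exit status
    return $? == 0 ? $value : undef;
}

if (@ARGV == 2) {                    # helper mode: <file> <user>
    my $pw = lookup_password(@ARGV);
    exit 1 unless defined $pw;       # unknown or malformed name
    print $pw;
    exit 0;
}

# Demo mode: constructed password file in the format shown in the question.
my ($tmp, $path) = tempfile(UNLINK => 1);
print {$tmp} "DEFINE ALICE = 'alice#1';\nDEFINE BENICE = 'benice#1';\n";
close $tmp;

# In the question's setup @helper would be something like
# ('sudo', '-u', 'pwowner', '/path/to/getPwd.pl') -- assumed names.
my @helper = ($^X, $0, $path);
for my $user ('alice', '.*', 'alice; id') {
    my $pw = capture(@helper, $user);
    printf "%-10s => %s\n", $user, defined $pw ? 'found' : 'rejected';
}
```

Run with no arguments, the script re-invokes itself as the helper for each sample name and reports only whether a password came back, not the password itself.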