[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

pam-abort-on-locked-password and running privileged command from web browser

I have functionality on a server that allows users to decrypt and mount a luks partition as needed to provide access to data via a web browser. Wanted to make the ability to open it available via the browser interface to make it easier and not have to give everyone ssh access. I tried giving www-data NOPASSWD access to run cryptsetup and mount via sudo to achieve this. I am getting an error that seems to be a Whonix hardening measure:

/usr/lib/security-misc/pam-abort-on-locked-password: ERROR: Password for user “www-data” is locked.

references to this are here: https://github.com/Whonix/security-misc/

and here: http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Dev/Strong_Linux_User_Account_Isolation

I don’t know how to disable that security measure or how much of a security risk it would be to do so.
Any suggestions on the best way to achieve my end goal are appreciated.

1 Like

https://github.com/Whonix/security-misc/blob/master/usr/lib/security-misc/pam-abort-on-locked-password

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]