On Wed, 2006-06-07 at 19:52 -0400, Mike McLean wrote:
Michael_E_Brown(a)Dell.com wrote:
> -- Should we allow untrusted users access to the 'mock' group?
This has been a concern of mine as well. However, I think the solution
is not to harden mockhelper, but to change the role of mockhelper.
At the moment, mock runs as a mortal user and uses mockhelper to execute
a limited number of shell commands as root. What I'd like to do is have
mock-helper (possibly renamed) run mock.py (and only mock.py) as root,
letting mock.py take actions directly without having to filter back
through mockhelper.
Ok, so this is the coolest proposed solution I have seen to this
problem. I like it a lot.
--
Michael