Default sudo setup (Was: Re: The Future of Fedora.)
Behdad Esfahbod
behdad at cs.toronto.edu
Wed Dec 10 20:27:04 UTC 2003
On Wed, 10 Dec 2003, Michael K. Johnson wrote:
> On Wed, Dec 10, 2003 at 09:07:32AM -0800, Shahms King wrote:
> > I like that scheme and I'm pretty sure it can *all* be done using just
> > sudo and an appropriately clever sudoers file.
>
> Not quite -- most of this already goes through userhelper, not sudo,
> so from an infrastructure standpoint making /etc/pam.d/ files for
> stuff that uses userhelper use pam_wheel, appropriately configured.
> I just haven't thought through the pam configuration to make the
> "if in wheel, prompt for user password, otherwise prompt for root
> password" scheme work, which is why I thought there might be a bit
> more work to do.
>
> *Most* of the infrastructure is there, though, I think.

It would be nice to have the current structure in place. There
are already lots of packages relying on that. And we sure need
the su and root password ;). Perhaps all the change we need is
that instead of userhelper/consolehelper/pam_console/... showing
for root password, it accepts any user/password which is in
sudoers. So, you see a dialog with a user and a password box,
and prompted that please enter an administrative user/pass. If
you are yourself a sudoer, the user field is already filled with
your own username, otherwise it's filled by root. The prompt
should remember the username. Moreover, if you are a sudoer
which does not need to enter a password, it should go on without
asking password, or at most show a dialog about it's going to use
your administrative permissions.

It should be a good idea to write a pam_console wrapper for
yum. But it should let normal users still query yum. Same for
rpm. A smart wrapper can determine when you need root and when not.
behdad
> michaelkjohnson
>
> "He that composes himself is wiser than he that composes a book."
> Linux Application Development -- Ben Franklin
> http://people.redhat.com/johnsonm/lad/
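
The prompt selection proposed in the message above, as an added example that is not part of the original message or of userhelper/consolehelper. The names `parse_sudoers`, `choose_prompt` and `Prompt` are hypothetical, the sudoers text is constructed, and the parser assumes only plain user and %group lines (no aliases, Defaults or includes).

```python
from dataclasses import dataclass

# Constructed sample policy, not taken from any real system.
SAMPLE_SUDOERS = """\
# constructed sample
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
"""

@dataclass(frozen=True)
class Prompt:
    prefill_user: str   # name placed in the dialog's user field
    ask_password: bool  # False: only show a notice that admin rights are used

def parse_sudoers(text):
    """Map each user or %group entry to True if all its rules are NOPASSWD.

    Assumption: only plain "who host=(runas) [NOPASSWD:] cmds" lines are
    handled; Defaults, *_Alias definitions and includes are skipped.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2 or "=" not in parts[1]:
            continue
        who, spec = parts
        if who.startswith("Defaults") or who.endswith("_Alias"):
            continue
        rules[who] = rules.get(who, True) and "NOPASSWD:" in spec
    return rules

def choose_prompt(user, groups, rules):
    """Decide what the (hypothetical) helper dialog shows for this caller."""
    principals = [user] + ["%" + g for g in groups]
    matches = [rules[p] for p in principals if p in rules]
    if not matches:
        return Prompt("root", True)  # not a sudoer: field starts as root
    # Conservative: skip the password only if every matching entry allows it.
    return Prompt(user, not all(matches))

if __name__ == "__main__":
    rules = parse_sudoers(SAMPLE_SUDOERS)
    for user, groups in [("alice", []), ("bob", ["wheel"]), ("carol", ["users"])]:
        print(user, choose_prompt(user, groups, rules))
```

A user matched by both a NOPASSWD entry and a password-requiring group entry is still asked for a password, so a broad group rule cannot be bypassed by a narrower exemption in this sketch.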