Opened 15 years ago
Closed 15 years ago
#115 closed defect (fixed)
actively break sudo for users who aren't supposed to
Reported by: | geofft | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | internals | Keywords: | |
Cc: |
Description
PAM is a good choice here.
So is replacing our uses of sudo internally (like LDAP backups from the scripts locker) with setuid wrappers, and making sudo not setuid a la Linerva. We know what's in /etc/sudoers, so we can do this.
Change History (1)
comment:1 Changed 15 years ago by geofft
- Resolution set to fixed
- sensitive set to 0
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
I did this with shell functions in mbashrc in r1565 (with vague mumbles of approval from Mitch and Alex). They even semi-intelligently attempt to give you useful information for the command you won't be able to run.