Opened 14 years ago

Closed 14 years ago

#115 closed defect (fixed)

actively break sudo for users who aren't supposed to

Reported by: geofft Owned by:
Priority: major Milestone:
Component: internals Keywords:


PAM is a good choice here.

So is replacing our uses of sudo internally (like LDAP backups from the scripts locker) with setuid wrappers, and making sudo not setuid a la Linerva. We know what's in /etc/sudoers, so we can do this.

Change History (1)

comment:1 Changed 14 years ago by geofft

  • Resolution set to fixed
  • sensitive set to 0
  • Status changed from new to closed

I did this with shell functions in mbashrc in r1565 (with vague mumbles of approval from Mitch and Alex). They even semi-intelligently attempt to give you useful information for the command you won't be able to run.

Note: See TracTickets for help on using tickets.