List: sudo-workers
Subject: [sudo-workers] Using sudo to create roles.....
From: "Parker, Michael D." <Michael.D.Parker () ga ! com>
Date: 2016-06-23 18:58:47
Message-ID: 2ba6e81b856c4bd4870aa4828693c6bb () ASGEXCPWP01 ! ga ! com
I've run into an interesting situation that sudo almost covers.
I was planning on establishing roles using groups, with group passwords, and due to project restrictions I cannot use the NOPASSWD: option for a group.
I was thinking further it might be an interesting idea if sudo syntax and processing could be extended so that for any given line an option is provided as to which user/group account password is used to authenticate the transaction. Right now it is restricted to either the user password or the root password and this setting is of global scope. What is needed is something scoped to the specific sudo line.
The extension of the line syntax could be something like the following, but I can see other alternatives as well:
username ALL=(ALL) USEUSERPW:rolemaster /usr/bin/someapp
username ALL=(ALL) USEGROUPPW:grouprole /usr/bin/someotherapp
This type of change would make it a lot easier to configure special privs on a role-based model from what I can see.
Is this on the change list or even under consideration?
***** ***** *****
Michael D. Parker
General Atomics - EMS
Michael.d.parker@ga.com <<<<< NOTE: Remember to include my middle initial >>>>>
+1 858 964 6675 / Office 86-1319 <<<<< NOTE: New Office Location >>>>>
16969 Mesamint Street / San Diego / CA / 92127