
Re: sudo replacement (or: Guy Keren wrote about sockets, not about FIFOs)



On Sat, 19 Dec 1998, Omer Zak wrote:


No need to reinvent the wheel, and surely no need to write a
server<->client based sudo package. There is sudo for RedHat, in the
powertools section, and it's named:

sudo-1.5.4-4.rpm

--Ariel

> In the world of Slackware and Linux 1.2.13, there used to be a command
> called 'sudo' which allowed mortal users to issue certain commands, which
> are usually reserved to the Almighty Superuser.
> However, due to unfathomable and mysterious reasons, this command
> disappeared from RedHat Linux 5.1 (kernel version 2.0.34).
> 
> So I am trying to develop a server-client implementation, which replaces
> the functionality of sudo.
> I decided to use FIFOs instead of sockets, because I don't want users from
> other machines to talk to my server's socket. The client also communicates
> with the server by means of keywords, which the server translates into
> the real commands (such as: 'kibui' -> 'shutdown -h now'). Since unknown
> keywords are rejected, security risks can be better controlled.
> 
> However, there are certain commands, which require the user to give a password.
> In such a case, there are three processes which need somehow to communicate
> with each other:
> 
>      client - server - command
> 
> The server wants to intercept anything the command writes to stdout/stderr
> and send it to the client for displaying. The server also wants to transfer to
> the command's stdin anything which the client wants to transfer to it.
> 
> I was not successful in getting the above to work right, after:
> - man perlfaq5
> - man perlproc
> - man open
> - man IPC::Open3
> - some tinkering with the code
> - fooling around with the code
> 
> My questions are as follows:
> 1. For check of my sanity - why did sudo disappear from RedHat 5.1?
> 2. Is there any RPM with the sudo related files?
> 3. Are there any other good solutions to the problem of letting an ordinary
>  user issue certain commands, which are usually subjected to Superuser
>  privileges?
> 4. Did anyone do something similar to the client-server design sketched
>  above?
> 5. How can I get the above to work properly, using FIFOs and perl?
>                                                                          --- Omer
> WARNING: by sending me unsolicited commercial/religious/political/M@ilPush
> E-mail (known also as "spam") you irrevocably agree to pay me US$500.-
> (plus any legal fees incurred by my trying to collect the above amount) per
> unsolicited commercial/religious/political/M@ilPush E-mail message sent
> to me - for the service of receiving it.
> 
> 

   +---------------------------------------------------------------+
   | Ariel Biener                                                  |
   | e-mail: ariel@post.tau.ac.il           Work phone: 03-6406086 |
   | fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC |
   +---------------------------------------------------------------+
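
The server-to-command leg of the keyword design sketched in the quoted message, as an added example that is not code from either poster: a fixed keyword table, rejection of anything else, and an IPC::Open3 relay of the command's stdin and combined stdout/stderr. The names `%COMMANDS` and `run_keyword`, the `whoami` entry and the file paths are assumptions; the FIFO transport between client and server is not shown.

```perl
#!/usr/bin/perl
# Added example: keyword allowlist dispatch plus stdin/stdout relay via IPC::Open3.
# %COMMANDS and run_keyword() are hypothetical names, not from the thread.
use strict;
use warnings;
use IPC::Open3;

# Fixed allowlist: keyword => argv list. Client text is only ever a hash key.
my %COMMANDS = (
    kibui  => ['/sbin/shutdown', '-h', 'now'],   # mapping quoted in the message
    whoami => ['/usr/bin/id', '-un'],            # constructed harmless entry
);

# Returns (exit_status, output); exit_status is undef when nothing was run.
sub run_keyword {
    my ($keyword, $input) = @_;
    return (undef, "rejected: unknown keyword\n")
        unless defined $keyword && exists $COMMANDS{$keyword};
    my @argv = @{ $COMMANDS{$keyword} };

    local %ENV = (PATH => '/sbin:/bin:/usr/sbin:/usr/bin');  # minimal fixed environment
    local $SIG{PIPE} = 'IGNORE';   # the command may exit without reading stdin

    my ($to_cmd, $from_cmd);
    # List form: argv is exec'd directly, no shell. A false third argument
    # makes the child's stderr share the stdout pipe, so one read loop suffices.
    my $pid = eval { open3($to_cmd, $from_cmd, undef, @argv) };
    return (undef, "failed to start command\n") unless $pid;

    # Forward the client's input (e.g. a password line), then close to signal EOF.
    # Assumes the input fits in the pipe buffer; larger input needs select().
    print {$to_cmd} $input if defined $input;
    close $to_cmd;

    my $output = do { local $/; <$from_cmd> };   # slurp everything the command wrote
    close $from_cmd;
    waitpid($pid, 0);
    return ($? >> 8, defined $output ? $output : '');
}

# Demo with constructed keywords; 'kibui' is deliberately not invoked here.
for my $kw ('whoami', 'no-such-keyword') {
    my ($status, $out) = run_keyword($kw, undef);
    printf "%-16s status=%s output=%s", $kw, defined $status ? $status : 'none', $out;
}
```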