[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sudo replacement (or: Guy Keren wrote about sockets, not aboutFIFOs)
On Sat, 19 Dec 1998, Omer Zak wrote:
No need to reinvent the wheel, and surely no need to write a
server<->client based sudo package. There is sudo for RedHat, in the
powertools section, and it's named:
sudo-1.5.4-4.rpm
--Ariel
> In the world of Slackware and Linux 1.2.13, there used to be a command
> called 'sudo' which allowed mortal users to issue certain commands, which
> are usually reserved to the Almighty Superuser.
> However, due to unfathomable and mysterious reasons, this command
> disappeared from RedHat Linux 5.1 (kernel version 2.0.34).
>
> So I am trying to develop a server-client implementation, which replaces
> the functionality of sudo.
> I decided to use FIFOs instead of sockets, because I don't want users from
> other machines to talk to my server's socket.The client also communicates
> with the server by means of keywords, which the server translates into
> the real commands (such as: 'kibui' -> 'shutdown -h now').Since unknown
> keywords are rejected, security riskscan be better controlled.
>
> However, there are certain commands, which require the user to give a password.
> In such a case, there are three processes which need somehow to communicate
> with each other:
>
> client - server - command
>
> The server wants to intercept anything the command writes to stdout/stderr
> and send it to the client for displaying.The server also wants to transfer to
> the command's stdin anything which the client wants to transfer to it.
>
> I was not successful in getting theabove to work right, after:
> - man perlfaq5
> - man perlproc
> - man open
> - man IPC::Open3
> - some tinering with the code
> - fooling around with the code
>
> My questions are as follows:
> 1. For check of my sanity - why did sudo disappear from RedHat 5.1?
> 2. Is there any RPM with the sudo related files?
> 3. Are there any other good solutions to the problem of letting an ordinary
> user issue certain commands, which are usually subjected to Superuser
> privileges?
> 4. Did anyone do something similar tothe client-server design sketched
> above?
> 5. How can I get the above to work properly, using FIFOs and perl?
> --- Omer
> WARNING:by sending me unsolicited commercial/religious/political/M@ilPush
> E-mail (known also as "spam") you irrevocably agree to pay me US$500.-
> (plus any legal fees incurred by my trying to collect the above amount) per
> unsolicited commercial/religious/political/M@ilPush E-mail message sent
> to me - forthe service of receiving it.
>
>
+---------------------------------------------------------------+
| Ariel Biener |
| e-mail: ariel@post.tau.ac.il Work phone: 03-6406086 |
| fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC |
+---------------------------------------------------------------+