sudo replacement (or: Guy Keren wrote about sockets, not about FIFOs)
In the world of Slackware and Linux 1.2.13, there used to be a command
called 'sudo' which allowed mortal users to issue certain commands, which
are usually reserved to the Almighty Superuser.
However, due to unfathomable and mysterious reasons, this command
disappeared from RedHat Linux 5.1 (kernel version 2.0.34).
So I am trying to develop a server-client implementation, which replaces
the functionality of sudo.
I decided to use FIFOs instead of sockets, because I don't want users from
other machines to talk to my server's socket. The client also communicates
with the server by means of keywords, which the server translates into
the real commands (such as: 'kibui' -> 'shutdown -h now'). Since unknown
keywords are rejected, security risks can be better controlled.
However, there are certain commands, which require the user to give a password.
In such a case, there are three processes which need somehow to communicate
with each other:
client - server - command
The server wants to intercept anything the command writes to stdout/stderr
and send it to the client for displaying. The server also wants to transfer to
the command's stdin anything which the client wants to transfer to it.
I was not successful in getting the above to work right, after:
- man perlfaq5
- man perlproc
- man open
- man IPC::Open3
- some tinkering with the code
- fooling around with the code
My questions are as follows:
1. For check of my sanity - why did sudo disappear from RedHat 5.1?
2. Is there any RPM with the sudo related files?
3. Are there any other good solutions to the problem of letting an ordinary
user issue certain commands, which are usually subjected to Superuser
privileges?
4. Did anyone do something similar to the client-server design sketched
above?
5. How can I get the above to work properly, using FIFOs and perl?
--- Omer
WARNING: by sending me unsolicited commercial/religious/political/M@ilPush
E-mail (known also as "spam") you irrevocably agree to pay me US$500.-
(plus any legal fees incurred by my trying to collect the above amount) per
unsolicited commercial/religious/political/M@ilPush E-mail message sent
to me - for the service of receiving it.
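
The keyword table and the server-to-command relay described in the message above, as an added Perl example that is not the poster's code. The FIFO transport is left out; the `whoami` and `upper` keywords, the binary paths and the `run_keyword` helper are assumptions made for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open3;

# Keyword -> fixed argv. Clients send only the keyword, never a command line.
# 'kibui' is the mapping from the post (path assumed); the other two are
# constructed for the demo and are the only ones executed below.
my %COMMANDS = (
    kibui  => ['/sbin/shutdown', '-h', 'now'],
    whoami => ['/usr/bin/id', '-un'],
    upper  => ['/usr/bin/tr', 'a-z', 'A-Z'],   # reads stdin, as a password prompt would
);

# Run the command for $keyword, feed it $input on stdin, and return
# (exit status, combined stdout+stderr). Unknown keywords never reach exec.
sub run_keyword {
    my ($keyword, $input) = @_;
    my $argv = $COMMANDS{$keyword}
        or return (undef, "rejected: unknown keyword\n");

    local %ENV = (PATH => '/usr/bin:/bin');   # do not pass the server's environment on
    local $SIG{PIPE} = 'IGNORE';              # child may exit before reading stdin

    # List form: argv goes to exec directly, no shell parses it.
    # undef as the third handle puts the child's stderr on $from_child.
    my $pid = open3(my $to_child, my $from_child, undef, @$argv);

    # Small inputs only: a large $input could block here while the child
    # blocks writing output. A full two-way relay needs IO::Select.
    print {$to_child} $input if defined $input;
    close $to_child;

    my $output = do { local $/; <$from_child> };
    close $from_child;
    waitpid $pid, 0;
    return ($? >> 8, defined $output ? $output : '');
}

# Constructed requests: two known keywords and one raw command line,
# which is rejected because it is not a key in the table.
for my $req (['whoami'], ['upper', "secret\n"], ['shutdown -h now']) {
    my ($status, $out) = run_keyword(@$req);
    printf "%-18s status=%s output=%s", "[$req->[0]]",
        defined $status ? $status : 'n/a', $out;
}
```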