GNOME panel and sudo

Olafur Arason olafra at gmail.com
Sun Jul 17 20:27:39 CDT 2005


What is wrong with changing the group on these .desktop files to
admin and changing the permissions to 640? This works as expected and
doesn't involve a security risk or a parser.

Olafur Arason


On 7/17/05, Manu Cornet <Manu.Cornet at gmail.com> wrote:
> 
> 
> Hi!
> 
> Among a few enhancement projects for the GNOME panel, I would like to
> hide entries that require a sudo password (e.g. Synaptic) from non-sudoer
> users (they can't use these programs anyway, and it would free up some
> space and make the menus simpler to understand).
> 
> So the program that builds the menu needs to know whether the user is
> a sudoer or not. It needs to be setuid root, so that it can read the
> /etc/sudoers file.
> 
> Here are the different ideas for the moment:
> 
> * Parse the /etc/sudoers in a very straightforward way. For example:
> search for user names at the beginning of lines, and search for groups
> ("%admin") as well, then see if the user is in it.
> 
> * Get and reuse the code of the "sudo" command. But I had a glance, it's
> really tricky, long and complex code because it needs to manage a lot of
> complicated stuff, such as aliases, grammars for sudoers definition,
> etc. Well, I'm not sure it would be a good idea to import so much code
> (or even a reasonable subset) to the gnome panel, just for doing this.
> 
> * Directly use the "sudo" command. If I type "sudo -l", then I can see
> what types of commands I am allowed to run (and that's all I need). The
> problem is that it needs my user password; and asking the user to type
> his password a second time when his session is opening is of course out
> of the question. But, since we need a setuid root anyway, maybe there is
> a way to run a "sudo -l", as root, to get info about a particular user
> (but I don't know how to do that).
> 
> Does anybody have an idea on what would be the best way to achieve this?
> 
> Thanks in advance!
> Manu
>
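
The first idea in the quoted message (scan /etc/sudoers for user names and "%group" at the start of lines) gives wrong answers as soon as aliases are used, which is the complexity the second idea mentions. The following is an added example, not code from the thread or from sudo; the sample sudoers text, the user names and the function names are constructed for illustration.

```python
import re

# Constructed sample sudoers text (not from the thread).
SAMPLE_SUDOERS = """\
Defaults env_reset
User_Alias PKGADMINS = alice, \\
                       bob
root      ALL=(ALL) ALL
%admin    ALL=(ALL) ALL
PKGADMINS ALL = /usr/sbin/synaptic
"""

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blanks.
    Simplification: real sudoers also uses '#' for #include and #uid."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def naive_is_sudoer(text, user, groups):
    """The straightforward scan: user name or %group at the start of a line."""
    for line in logical_lines(text):
        first = line.split()[0]
        if first == user or (first.startswith("%") and first[1:] in groups):
            return True
    return False

def alias_aware_is_sudoer(text, user, groups):
    """Same scan, but expands User_Alias names first. Still not a full parser:
    Defaults, host/command specs, negation and includes are ignored."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = re.match(r"User_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = {n.strip() for n in m.group(2).split(",")}
    for line in lines:
        first = line.split()[0]
        for name in aliases.get(first, {first}):
            if name == user or (name.startswith("%") and name[1:] in groups):
                return True
    return False

if __name__ == "__main__":
    for who, grps in [("bob", set()), ("carol", {"admin"}), ("dave", {"users"})]:
        print(who, naive_is_sudoer(SAMPLE_SUDOERS, who, grps),
              alias_aware_is_sudoer(SAMPLE_SUDOERS, who, grps))
```

In this sample, bob may run Synaptic through the alias, yet the naive scan reports him as a non-sudoer, so his menu entry would be hidden.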
