Curt Manucredo wrote: > On Thu, 15 Feb 2007 14:52:03 +0000 > Anton Piatek <anton@piatek.co.uk> wrote: > >> Curt Manucredo wrote: >>> dear mentors and members >>> > snipp... >>> so this is the attempt to gain help from you! if you wish to have a >>> copy of this program, please say so. >>> the description of the 3 executable follows: >>> >>> *urequestd* can be called a *virtual super user*. it gets >>> started on system bootup and awaits requests from the *urequest >>> client* program. *urequestd* looks up the everybodys accessable >>> fifo-file */var/opt/urequestd* and in case it finds *urequest* >>> in */proc/$pid_of_urequest* and can make sure that the request >>> comes from an urequest instance, it will execute the request and >>> orphans it into background sendig the pid ot this process back to >>> the request client. since urequestd does not execute any process >>> unless it comes from an urequest-client, all verifications are done >>> in the urequest client program. this includes user and group >>> verification as well as checking if the request even exists. >>> >>> *urequest* is part of the urequest daemon package. it makes it >>> possible for any user to *call a command* >>> without the need for *root-rights*. to make this possible >>> a rule-file has to be created under */etc/urequestd/rules/*. it must >>> be a bash-script, set executable and having the file-extenstion >>> *.rule*. to then make a normal user able to call such a request >>> the user must be added with the *urequestp utility* as an authorized >>> user. it is also possible to add a group to the rule to make a punsh >>> of users able to call a rule. > snipp... >>> ps: i am not subscribed to this list, please cc me! >> How is this different from sudo? > > well. i don't know how sudo works, but as far as i know it needs a > password-verification. with urequest you don't. this is not unsafe in > my opinion since i use urequestd to wvdial for example or for the > hibernate package or to ifupdown any iface with no need to enter a > password. on the other hand with sudo anyone can call every command. > with urequestd it is restricted to just those rules which are present. > so for example: if your user-account is a memeber of dialout the > wvdial-rule will run for you, as long as you add the group dialout to > it. i dont say urequestd can replace sudo or su (it is not intended > for that), but i believe it could replace setuid. as far as i can see > wodim and pmount would be two great candidates for this! are they not? > so here is my question: does sudo work the same way as urequestd? did i > reinvent the wheel? > thank you for your reply . > > curt > I have a feeling you have reinvented the wheel. Sudo can be used without a password and can be set on a per-user, per-application basis i.e. give user X permission to run Y with/without a password. Anton -- email: anton@piatek.co.uk blog/photos: http://www.strangeparty.com pgp: [0xB307BAEF] (http://tastycake.net/~anton/anton.asc) fingerprint: 116A 5F01 1E5F 1ADE 78C6 EDB3 B9B6 E622 B307 BAEF
Attachment:
signature.asc
Description: OpenPGP digital signature