GNOME panel and sudo
Manu Cornet
Manu.Cornet at GMail.com
Sun Jul 17 15:58:15 CDT 2005
Hi !
Among a few enhancements projects for the GNOME panel, I would like to
hide entries that require a sudo password (eg Synaptic) from non-sudoers
users (they can't use these programs anyway, and it would free up some
space and make the menus simpler to understand).
So the program that builds the menu needs to know whether the user is
sudoer or not. It needs to be setuid root, so that it can read the
/etc/suoders file.
Here are the different ideas for the moment :
* Parse the /etc/sudoers in a very straightforward way. For example :
search for user names at the beginning of lines, and search for groups
("%admin") as well, then see if the user is in it.
* Get and reuse the code of the "sudo" command. But I had a glance, it's
really tricky, long and complex code because it needs to manage a lot of
complicated stuff, such as aliases, grammars for sudoers definition,
etc. Well, I'm not sure it would be a good idea to import so much code
(or even a reasonnable subset) to the gnome panel, just for doing this.
* Directly use the "sudo" command. If I type "sudo -l", then I can see
what types of commands I am allowed to run (and that's all I need). The
problem is that it needs my user password ; and asking the user to type
his password a second time when his session is opening is of course out
of the question. But, since we need a setuid root anyway, maybe there is
a way to run a "sudo -l", as root, to get info about a particular user
(but I don't know how to do that).
Does anybody have an idea on what would be the best way to achieve this?
Thanks in advance !
Manu
More information about the ubuntu-devel
mailing list