GNOME panel and sudo

Manu Cornet Manu.Cornet at GMail.com
Sun Jul 17 15:58:15 CDT 2005



Hi !

Among a few enhancements projects for the GNOME panel, I would like to 
hide entries that require a sudo password (eg Synaptic) from non-sudoers 
users (they can't use these programs anyway, and it would free up some 
space and make the menus simpler to understand).

So the program that builds the menu needs to know whether the user is 
sudoer or not. It needs to be setuid root, so that it can read the 
/etc/suoders file.

Here are the different ideas for the moment :

* Parse the /etc/sudoers in a very straightforward way. For example : 
search for user names at the beginning of lines, and search for groups 
("%admin") as well, then see if the user is in it.

* Get and reuse the code of the "sudo" command. But I had a glance, it's 
really tricky, long and complex code because it needs to manage a lot of 
complicated stuff, such as aliases, grammars for sudoers definition, 
etc. Well, I'm not sure it would be a good idea to import so much code 
(or even a reasonnable subset) to the gnome panel, just for doing this.

* Directly use the "sudo" command. If I type "sudo -l", then I can see 
what types of commands I am allowed to run (and that's all I need). The 
problem is that it needs my user password ; and asking the user to type 
his password a second time when his session is opening is of course out 
of the question. But, since we need a setuid root anyway, maybe there is 
a way to run a "sudo -l", as root, to get info about a particular user 
(but I don't know how to do that).

Does anybody have an idea on what would be the best way to achieve this?

Thanks in advance !
Manu



More information about the ubuntu-devel mailing list