GNOME panel and sudo
Vincent Untz
vincent at vuntz.net
Mon Jul 18 04:12:10 CDT 2005
On Sun, July 17, 2005 22:58, Manu Cornet said:
> Hi !
Hi Manu,
[...]
> Here are the different ideas for the moment :
>
> * Parse the /etc/sudoers in a very straightforward way. For example :
> search for user names at the beginning of lines, and search for groups
> ("%admin") as well, then see if the user is in it.
I don't think we want this since this won't understand the file grammar
and can lead to some false positives.
> * Get and reuse the code of the "sudo" command. But I had a glance, it's
> really tricky, long and complex code because it needs to manage a lot of
> complicated stuff, such as aliases, grammars for sudoers definition,
> etc. Well, I'm not sure it would be a good idea to import so much code
> (or even a reasonnable subset) to the gnome panel, just for doing this.
Note that the code won't go in the panel. It will go in a helper binary.
That's different (at least to me :-)).
This looks like one of the best way to do.
> * Directly use the "sudo" command. If I type "sudo -l", then I can see
> what types of commands I am allowed to run (and that's all I need). The
> problem is that it needs my user password ; and asking the user to type
> his password a second time when his session is opening is of course out
> of the question. But, since we need a setuid root anyway, maybe there is
> a way to run a "sudo -l", as root, to get info about a particular user
> (but I don't know how to do that).
And then? You'll need to parse the output of this and it might be
complex...
I also liked Danilo's idea:
export USER_IS_ADMIN=1
But it just moves the problem to the start of the session, instead of
having it in gnome-menus ;-)
Vincent
--
Les gens heureux ne sont pas pressés.
More information about the ubuntu-devel
mailing list