Rodrigo Borges Pereira
rbp at netcanvas.com
Mon Jan 28 01:17:47 EST 2002
Need some help here.
Users of %group1 connect to a page on the webserver and auth themselves
using login/password on /etc/shadow (mod_auth_shadow for apache allows
this). Index.php is loaded and execs sudo for quota and ps as
$PHP_AUTH_USER(/etc/sudoers configured to allow user apache to run quota
and ps impersonating any of %group1) and output is processed and shown
on the webpage. Works fine.
The problem: everyone on the server can create a webpage and see quota
and ps output for any user of %group1.
Solution: sudo offering to possibility to require TARGET user's password
before executing command (PHP knows the password as $PHP_AUTH_PW, so it
would be easily passed to the exec() that calls sudo).
Does sudo offer this possibility?
If not, any other similar program that can do this?
Thank you all in advance.
More information about the sudo-users