sudo, pam, ssh and Gnome
Matthew Hannigan
mlh at zip.com.au
Tue Sep 3 20:50:14 EDT 2002
Aaron Sherman wrote:
> I don't want a root shell. In fact, I don't want a shell at all. Here's
> an example: I run the Red Carpet updater under Gnome. It brings up a
> dialog to ask for the root password. That dialog uses pam to
> authenticate, so there should be a way to authenticate "I'm ajs, a user
> who is authorized to run this command as root" via a sudo pam module,
> no?
There is some sample pam code around which implements a permission
list. We add it to our su pam lines at work to restrict who can
do su at all.
You could use this, perhaps, by configuring it as a "sufficient"
pam module and putting it early in the sudo pam chain.
Is this what you want?
Regards,
Matt
More information about the sudo-workers
mailing list