sudo, pam, ssh and Gnome

Matthew Hannigan mlh at
Tue Sep 3 20:50:14 EDT 2002

Aaron Sherman wrote:

> I don't want a root shell. In fact, I don't want a shell at all. Here's
> an example: I run the Red Carpet updater under Gnome. It brings up a
> dialog to ask for the root password. That dialog uses pam to
> authenticate, so there should be a way to authenticate "I'm ajs, a user
> who is authorized to run this command as root" via a sudo pam module,
> no?

There is some sample pam code around which implements a permission
list.  We add it to our su pam lines at work to restrict who can
do su at all.

You could use this, perhaps, by configuring it as a "sufficient"
pam module and putting it early in the sudo pam chain.

Is this what you want?


More information about the sudo-workers mailing list