[sudo-workers] Sudo and gnome-menus

Manu Cornet manu.cornet at gmail.com
Tue Jul 26 16:52:32 EDT 2005




Hello !


I am new to this list, and I am aware that sending a message so fast is 
against a lot of "Netiquette" rules. However, I am part of a summer 
program (Google's "Summer of Code") for open source coding, which ends 
on September 1st : that's why I need to be moving quite fast :o) I hope 
I don't get it all wrong.

The problem is : in the GNOME menus, I would like to hide menu entries 
that require administrator authorizations (eg "Synaptic", a front-end 
for apt) from non-sudoers.

I have already set a temporary solution, but only for a precise Linux 
distribution (Ubuntu). Since the user could very well be able to run 
some admin program (like Synaptic) and not another (like starting 
apache), I need to rely on sudo. Another detail : obviously, I can't ask 
the user to input his password again, while the menus are being built...


So here's my question : would it be possible to add an option to sudo 
(for example : -t or --test) to check whether the user can or cannot run 
a particular command, without giving his password ?

It could look like :

 >sudo --test /usr/sbin/synaptic
sudo test : user is allowed to run synaptic
(returning 0)

 >sudo --test /usr/sbin/adduser
sudo test : user is NOT allowed to run adduser
(returning something != 0)

Has this question already been discussed ? Would any part of it be 
considered a security hole ? Would it be difficult to code ? Of course, 
I am willing to work on this myself if you agree with the idea (but I 
will probably need a little help).


Thank you for your answers !
Emmanuel Cornet



More information about the sudo-workers mailing list