[sudo-workers] newgrp-style group changing; non-unix group support

Ted Percival ted.percival at quest.com
Wed Sep 27 03:04:44 EDT 2006 

Hi folks. I have come up with a couple of new features for sudo that
people might be interested in.

Each patch (attached) starts with a short description of what it does.
The patches are made against the 2.6.8p12 release of sudo. I reproduce
the descriptions here:


- newgrp.diff ----------

Adds newgrp-style primary group changing to sudo, allowing more secure
and more fine-grained control over group changing than newgrp. It is
implemented in terms of a new '-g' command-line option and an extended
(but backwards compatible) configuration syntax.


- nonunix.diff ----------

Adds the ability to provide an extended group-matching syntax whereby
"non-unix" groups can be matched in an implementation-dependent way.

This is the small bit of "glue" code used to attach our non-unix group
checking implementation. The rest is available from our Subversion
repository (file
<http://rc.vintela.com/svn/repos/sudo/trunk/vasgroups.c>) however
because it is designed to link with a proprietary library I have not
included that file the diff.


- buildhacks.diff ----------

The remainder of our repository's changes, including:
- Changes some autoconf syntax that was causing configure to fail.
- Renames sudo_noexec.la to libsudo_noexec.la
- Enables make rules for files such as parse.lex and parse.yacc
- Builds unstripped binaries.


The full repository is available from
<http://rc.vintela.com/svn/repos/sudo/trunk/> and I invite constructive
criticism and testing of the changes.

Finally, I'd like to check that providing these changes in both source
and binary forms from our website (<http://rc.vintela.com/>) under a
name like "RC Sudo" or "Quest Sudo" (not yet finalised) is OK with
regard to use of the Sudo name.

Many thanks.
-- 
Ted Percival
Quest Software
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: buildhacks.diff
URL: </pipermail/sudo-workers/attachments/20060927/b8d4c99c/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: newgrp.diff
URL: </pipermail/sudo-workers/attachments/20060927/b8d4c99c/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nonunix.diff
URL: </pipermail/sudo-workers/attachments/20060927/b8d4c99c/attachment-0002.ksh>

More information about the sudo-workers mailing list