[sudo-workers] newgrp-style group changing; non-unix group support
Ted Percival
ted.percival at quest.com
Wed Sep 27 03:04:44 EDT 2006
Hi folks. I have come up with a couple of new features for sudo that
people might be interested in.
Each patch (attached) starts with a short description of what it does.
The patches are made against the 2.6.8p12 release of sudo. I reproduce
the descriptions here:
- newgrp.diff ----------
Adds newgrp-style primary group changing to sudo, allowing more secure
and more fine-grained control over group changing than newgrp. It is
implemented in terms of a new '-g' command-line option and an extended
(but backwards compatible) configuration syntax.
- nonunix.diff ----------
Adds the ability to provide an extended group-matching syntax whereby
"non-unix" groups can be matched in an implementation-dependent way.
This is the small bit of "glue" code used to attach our non-unix group
checking implementation. The rest is available from our Subversion
repository (file
<http://rc.vintela.com/svn/repos/sudo/trunk/vasgroups.c>) however
because it is designed to link with a proprietary library I have not
included that file the diff.
- buildhacks.diff ----------
The remainder of our repository's changes, including:
- Changes some autoconf syntax that was causing configure to fail.
- Renames sudo_noexec.la to libsudo_noexec.la
- Enables make rules for files such as parse.lex and parse.yacc
- Builds unstripped binaries.
The full repository is available from
<http://rc.vintela.com/svn/repos/sudo/trunk/> and I invite constructive
criticism and testing of the changes.
Finally, I'd like to check that providing these changes in both source
and binary forms from our website (<http://rc.vintela.com/>) under a
name like "RC Sudo" or "Quest Sudo" (not yet finalised) is OK with
regard to use of the Sudo name.
Many thanks.
--
Ted Percival
Quest Software
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: buildhacks.diff
URL: </pipermail/sudo-workers/attachments/20060927/b8d4c99c/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: newgrp.diff
URL: </pipermail/sudo-workers/attachments/20060927/b8d4c99c/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nonunix.diff
URL: </pipermail/sudo-workers/attachments/20060927/b8d4c99c/attachment-0002.ksh>
More information about the sudo-workers
mailing list