slawek at lach.art.pl
Sun Oct 18 01:55:42 MDT 2015
There's no tool to grant privileges for current user for specify
ammount of time. In my opinion, there's should be tool that gives user
permissions to run specified command without password by specified
ammount of time. Admin can edit /etc/sudoers, but that's not good
In my opinion there's shouold exist /etc/sudoers.d/ directory contains
files for each user, for example /etc/sudoes.d/sławomir or
/etc/sudoers/1000. This file should have format like this:
timestamp(in text):command(int text)
Sudo grant syntax:
sudo-grant shutdown|<date/time specification> [-u <username>] --
Also, there's should been a daemon, which delete outdated entries.
Of course, sudo should respect additionall files.
Why we need this? Imagine i would like to run command yast, but for
this session only, so I type:
sudo-grant shutdown -- /sbin/yast
And type root's password.
More information about the sudo-workers