[sudo-workers] Policy Plugins

Todd C. Miller Todd.Miller at courtesan.com
Fri May 13 12:59:03 MDT 2016

The reason that only a single policy plugin is supported is that
combining multiple disparate security policies in a meaningful way
is hard to do.  How would you even analyze such a composite policy?

I don't think multi-factor authentication is a good reason to support
this, that is the job of things like PAM.

What I had been contemplating for a revamped plugin API is adding
approval plugins.  These would not grant privileges and could only
be used to deny a command that was allowed by the policy plugin.

Possible uses include:

1. Local time of day restrictions.

2. Explicit approval requirements from a more senior admin, potentially
   requiring the senior admin to sign-off on the command via XMPP
   or some other method.

 - todd

More information about the sudo-workers mailing list