On Thu, 15 Feb 2007 14:52:03 +0000 Anton Piatek <[EMAIL PROTECTED]> wrote:
> Curt Manucredo wrote: > > dear mentors and members > > snipp... > > so this is the attempt to gain help from you! if you wish to have a > > copy of this program, please say so. > > the description of the 3 executable follows: > > > > *urequestd* can be called a *virtual super user*. it gets > > started on system bootup and awaits requests from the *urequest > > client* program. *urequestd* looks up the everybodys accessable > > fifo-file */var/opt/urequestd* and in case it finds *urequest* > > in */proc/$pid_of_urequest* and can make sure that the request > > comes from an urequest instance, it will execute the request and > > orphans it into background sendig the pid ot this process back to > > the request client. since urequestd does not execute any process > > unless it comes from an urequest-client, all verifications are done > > in the urequest client program. this includes user and group > > verification as well as checking if the request even exists. > > > > *urequest* is part of the urequest daemon package. it makes it > > possible for any user to *call a command* > > without the need for *root-rights*. to make this possible > > a rule-file has to be created under */etc/urequestd/rules/*. it must > > be a bash-script, set executable and having the file-extenstion > > *.rule*. to then make a normal user able to call such a request > > the user must be added with the *urequestp utility* as an authorized > > user. it is also possible to add a group to the rule to make a punsh > > of users able to call a rule. snipp... > > ps: i am not subscribed to this list, please cc me! > > How is this different from sudo? well. i don't know how sudo works, but as far as i know it needs a password-verification. with urequest you don't. this is not unsafe in my opinion since i use urequestd to wvdial for example or for the hibernate package or to ifupdown any iface with no need to enter a password. on the other hand with sudo anyone can call every command. with urequestd it is restricted to just those rules which are present. so for example: if your user-account is a memeber of dialout the wvdial-rule will run for you, as long as you add the group dialout to it. i dont say urequestd can replace sudo or su (it is not intended for that), but i believe it could replace setuid. as far as i can see wodim and pmount would be two great candidates for this! are they not? so here is my question: does sudo work the same way as urequestd? did i reinvent the wheel? thank you for your reply . curt -- make sure that anywhere in your mail the string 'debian' appears. otherwise your message will not end up in my mailbox! Curt Manucredo curtm2 at yahoo dot de .''`. : :' : `. `'` `- proud debian-user http://www.debian.org http://blueblended.wordpress.com http://www.keinverlag.at/autoren.php?autor=2311 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
