On Thu, Feb 15, 2007 at 05:34:56PM +0100, Curt Manucredo wrote: > On Thu, 15 Feb 2007 14:52:03 +0000 > Anton Piatek <[EMAIL PROTECTED]> wrote: > > > Curt Manucredo wrote: > > > dear mentors and members > > > > snipp... > > > so this is the attempt to gain help from you! if you wish to have a > > > copy of this program, please say so. > > > the description of the 3 executable follows: > > > > > > *urequestd* can be called a *virtual super user*. it gets > > > started on system bootup and awaits requests from the *urequest > > > client* program. *urequestd* looks up the everybodys accessable > > > fifo-file */var/opt/urequestd* and in case it finds *urequest* > > > in */proc/$pid_of_urequest* and can make sure that the request > > > comes from an urequest instance, it will execute the request and > > > orphans it into background sendig the pid ot this process back to > > > the request client. since urequestd does not execute any process > > > unless it comes from an urequest-client, all verifications are done > > > in the urequest client program. this includes user and group > > > verification as well as checking if the request even exists. > > > > > > *urequest* is part of the urequest daemon package. it makes it > > > possible for any user to *call a command* > > > without the need for *root-rights*. to make this possible > > > a rule-file has to be created under */etc/urequestd/rules/*. it must > > > be a bash-script, set executable and having the file-extenstion > > > *.rule*. to then make a normal user able to call such a request > > > the user must be added with the *urequestp utility* as an authorized > > > user. it is also possible to add a group to the rule to make a punsh > > > of users able to call a rule. > snipp... > > > ps: i am not subscribed to this list, please cc me! > > > > How is this different from sudo? > > well. i don't know how sudo works, but as far as i know it needs a > password-verification. with urequest you don't. this is not unsafe in > my opinion since i use urequestd to wvdial for example or for the > hibernate package or to ifupdown any iface with no need to enter a > password. on the other hand with sudo anyone can call every command. > with urequestd it is restricted to just those rules which are present. > so for example: if your user-account is a memeber of dialout the > wvdial-rule will run for you, as long as you add the group dialout to > it. i dont say urequestd can replace sudo or su (it is not intended > for that), but i believe it could replace setuid. as far as i can see > wodim and pmount would be two great candidates for this! are they not? > so here is my question: does sudo work the same way as urequestd? did i > reinvent the wheel? > thank you for your reply .
You can configure sure to allow only some commands and to not ask for a password. sudo can do all you do with urequestd. According to your description. I havent checked urequestd myself. IMO you reinvented the wheel (in a more then complicated way). Michael -- .''`. | Michael Koch <[EMAIL PROTECTED]> : :' : | Free Java Developer <http://www.classpath.org> `. `' | `- | 1024D/BAC5 4B28 D436 95E6 F2E0 BD11 5923 A008 2763 483B -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
