Allowing a user administrative tasks without roots password

Jef Spaleta jspaleta at princeton.edu
Tue Oct 14 13:45:22 UTC 2003


Boszormenyi Zoltan wrote:

> Now starting 'Printing' from the System Settings menu
> does not asks the root password. However, starting
> the Print Manager from the panel and editing settings
> of a printer still asks. To avoid this the same
> modification is needed in /etc/pam.d/redhat-config-printer-gui.
> Why is there two pam config file for these? They start the same
> task...


it has to do with how consolehelper and userhelper works afaict...
man consolehelper
man userhelper
and then look at the files in /etc/security/console.apps/

Now my reading of how userhelper works suggests there might be a way to
link these two programs together using the variables userhelper looks
for in the console.apps files. Or a simple solution might be to symlink
the pam.d control files for r-c-printer-gui and printconf-gui together
out of the box since they are infact the same program binary in
reality...assuming that there isn't some functionality difference if
called by the different names.

If you are really intent on this sort of wholesale rights to
users...maybe you really want to use pam_console instead of
pam_localuser for some functions.


-jef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20031014/4793b2af/attachment.sig>


More information about the fedora-test-list mailing list