Usermode request: add patch enabling group membership to control auth user
Will Backman
whb at ceimaine.org
Fri Apr 16 13:56:41 UTC 2004
On Fri, 2004-04-16 at 09:48, Matthew Miller wrote:
> On Fri, Apr 16, 2004 at 02:58:27PM +0200, Miloslav Trmac wrote:
> > > My patch implements what I call a "sudo-like" behavior (although it is
> > > much simpler than sudo). Each program, through its console.apps config
> > > file, can have a list of groups whose members are able to authorize as
> > > themselves. Anyone not a member of the approved groups either must give
> > > the root password (or the password of a given user, or is denied access
> > > completely via a new <none> value).
> > Shoudn't this be already possible using PAM (e.g. pam_listfile)?
>
> I don't think so. How would you do it? The selection of user account to
> authorize against (root, or <user>, or even some other account) happens at a
> earlier/higher level.
>
Would it ever be possible to give someone rights to manage certain
accounts but not others? If you can change the root password, you are
as good as root.
More information about the fedora-test-list
mailing list