On Thu, Oct 23, 2003 at 06:18:31PM -0400, Sean Dague wrote: > a setuid wrapper opens up all kinds of issues. A previous attempt at an > http interfaces was shot down for that reason. You don't want normal users > changing images, as it means that any normal user on that box can change the > root password that will end up on all the other boxes (scary by a lot). > > I think a much better approach is to document how one might set up sudo to > allow for use of SystemImager and Imagemanip by a small set of priviledged > accounts on the machine.
Oh duh, yeah, that's a great idea. Please ignore my stupid request for a setuid wrapper. :) As for "normal users" working on images, that's basically the design goal of "imagemanip", which has another set of permissions for which users can work on which images. It looks like I can use the SUDO_USER env variable to figure out who ran it for the image perm checking. Okay. I've modified the code to work with 'sudo' instead of my wrapper. Here's what I have to check in: ? etc/imagemanip.conf ? etc/imagemanip.perm ? sbin/imagemanip M CHANGE.LOG M CREDITS M Makefile M systemimager.spec M doc/man/Makefile Shall I go ahead and commit? -- Kees Cook Open Source Development Lab [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Sisuite-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/sisuite-devel
