On Mon, 26 Feb 2007 20:29:59 +0000 The Fungi <[EMAIL PROTECTED]> wrote:
> On Fri, Feb 16, 2007 at 08:10:34AM +0000, Anton Piatek wrote: > > I have a feeling you have reinvented the wheel. Sudo can be used > > without a password and can be set on a per-user, per-application > > basis i.e. give user X permission to run Y with/without a password. > > Even more flexible, sudo can be configured to use alternate means of > authentication, such as OTP, PKI or a ticket authority, often being > more secure options than reusable passwords when forced to admin a > system via a connection from some untrusted client machine. Also, > while I'm not sure I'd recommend it, sudo's rules (the sudoers file) > can be served to a network of machines from some central authority > such as an NFS export, YP/NIS+ or an LDAP backend. Not to mention, > the design and implementation of sudo has 27 years of historical > review and code audits from which to draw its assurance of security. i could never imagine that it is possible to call a command and then have root rights for it, without authentificating on the system with a password. so i thought a daemon running as root might solve that problem (which i thought it does exist) ;-). but since today i can not imagine how sudo is doing that - it might be very difficult to explain since i couldn't find an explantion on the net. so, how is sudo doing this auth-job, even with no password-verification. how does sudo treat the system? has anyone an answer to that so i can understand it? thank you for the participation and help regards curt -- make sure that anywhere in your mail the string 'debian' appears. otherwise your message will not end up in my mailbox! please cc me, i am not subscribed to the list Curt Manucredo curtm2 at yahoo dot de .''`. : :' : `. `'` `- proud debian-user http://www.debian.org http://blueblended.wordpress.com http://www.keinverlag.at/autoren.php?autor=2311 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]