Christopher Allan Webber <cweb...@dustycloud.org> writes:

> So, you're running psudo, and this thing maybe accepts connections over
> something more secure, *maybe* unix domain sockets... so restrict group
> access to the socket to users in the "psudo" group.
>
> From there, maybe it could require PAM authentication while entering the
> root password, or something.
>
> It feels hard to know how psudo could "know" what user is accessing the
> socket... I don't think that information is made available, right?
> Maybe I'm wrong! I guess postgres and etc do similar things?
On Linux, there is SCM_CREDENTIALS (and similar stuff on BSDs). From Linux
unix(7):

       SCM_CREDENTIALS
              Send or receive UNIX credentials. This can be used for
              authentication. The credentials are passed as a struct ucred
              ancillary message. This structure is defined in <sys/socket.h>
              as follows:

                  struct ucred {
                      pid_t pid;    /* process ID of the sending process */
                      uid_t uid;    /* user ID of the sending process */
                      gid_t gid;    /* group ID of the sending process */
                  };

Moreover there is the Polkit (née PolicyKit) framework for this kind of
stuff, which could provide a more high-level interface if we chose to use
it. (GNOME uses it as does systemd)

(Note that there is already pkexec (bundled with Polkit) which provides a
sudo replacement with authentication and policy through Polkit. But it's
setuid for some reason. I haven't investigated why...)
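To show what the SCM_CREDENTIALS mechanism from the reply above looks like on the receiving side of a Unix domain socket, here is an added example; it is not code from this thread, nor psudo's or Polkit's. It assumes Linux with glibc: the server enables SO_PASSCRED, the kernel then stamps every received message with the sender's pid/uid/gid, and recvmsg() reads that out of the ancillary data. The socketpair is a constructed stand-in for a connection accepted on the daemon's socket, the function names recv_peer_creds and creds_match_sender are hypothetical, and struct unix_creds is a local mirror of the struct ucred layout quoted from unix(7) so the example does not depend on feature-test macros.

```c
#define _GNU_SOURCE          /* exposes SCM_CREDENTIALS in glibc's headers */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02 /* Linux value; used only if the header left it out */
#endif

/* Same layout as struct ucred in unix(7): pid, uid, gid of the sender. */
struct unix_creds {
    pid_t pid;
    uid_t uid;
    gid_t gid;
};

/* Outcome of one recvmsg() on the server-side socket. */
struct peer_creds {
    int received;            /* 1 if an SCM_CREDENTIALS message arrived */
    int truncated;           /* 1 if the kernel reported MSG_CTRUNC */
    struct unix_creds creds;
};

/* Read one message and pull the kernel-attached credentials out of the
 * ancillary data. Without SO_PASSCRED on fd nothing is attached and
 * received stays 0. */
struct peer_creds recv_peer_creds(int fd)
{
    struct peer_creds out;
    char data[64];
    struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
    /* The union keeps the control buffer aligned for struct cmsghdr. */
    union {
        char buf[CMSG_SPACE(sizeof(struct unix_creds))];
        struct cmsghdr align;
    } ctrl;
    struct msghdr msg;

    memset(&out, 0, sizeof out);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl.buf;
    msg.msg_controllen = sizeof ctrl.buf;

    if (recvmsg(fd, &msg, 0) < 0)
        return out;
    out.truncated = (msg.msg_flags & MSG_CTRUNC) != 0;

    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c != NULL; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len == CMSG_LEN(sizeof(struct unix_creds))) {
            /* memcpy rather than a cast: CMSG_DATA() need not be aligned. */
            memcpy(&out.creds, CMSG_DATA(c), sizeof out.creds);
            out.received = 1;
        }
    }
    return out;
}

/* One client/server exchange inside a single process; the socketpair is a
 * constructed stand-in for an accepted connection. Returns -1 on syscall
 * failure, 0 if no credentials were delivered, 1 if the delivered
 * pid/uid/gid equal those of the sending process. */
int creds_match_sender(int enable_passcred)
{
    int sv[2];
    int on = 1;
    int rc = -1;
    const char hello[] = "hello";
    struct peer_creds pc;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;

    /* Server side only: ask the kernel to stamp each received message with
     * the sender's credentials. The client needs no cooperation at all. */
    if (enable_passcred &&
        setsockopt(sv[0], SOL_SOCKET, SO_PASSCRED, &on, sizeof on) < 0)
        goto out;

    /* Client side: an ordinary write; the kernel fills in the credentials. */
    if (write(sv[1], hello, sizeof hello) != (ssize_t)sizeof hello)
        goto out;

    pc = recv_peer_creds(sv[0]);
    if (pc.truncated)
        rc = -1;
    else if (!pc.received)
        rc = 0;
    else
        rc = (pc.creds.pid == getpid() && pc.creds.uid == getuid() &&
              pc.creds.gid == getgid()) ? 1 : 0;
out:
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    printf("with SO_PASSCRED:    %d (expect 1)\n", creds_match_sender(1));
    printf("without SO_PASSCRED: %d (expect 0)\n", creds_match_sender(0));
    return 0;
}
```

The point for a daemon like the one discussed is that the uid and gid come from the kernel's view of the sending process, not from anything the client wrote, so an unprivileged client cannot present itself as another user; the authorisation decision should rest on uid/gid rather than on the pid, which can be recycled between the message being sent and the daemon acting on it. The MSG_CTRUNC check matters too: a truncated control buffer silently drops the credentials, and the code above treats that as an error rather than as "anonymous". On Linux the same information is also available once per connection via getsockopt() with SO_PEERCRED, which is simpler when every message on a connection is to be attributed to the same user.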