> On Sun, 3 Sep 2000, John Summerfield wrote:
>
> >> I have tried to make such a launcher to no avail. Seems to me
> >> KDE allows you to pop up a dialog to logon for "su". I could be
> >> wrong though...
> >>
> >> Any idea of how to do this? It is possible I suppose with a
> >> terminal window running su, or something but that is incredibly
> >> messy looking. I want it to look nice.
> >>
> >
> >The su command (as patched by RHI) always prompts for a password; it can't b
> e
> >made to take redirected input.
> >
> >I think the whole idea of users knowing root's password is flawed. What YOU
> >need is the ability to say "These users can use THIS program. but they canno
> t
> >do other superuser things."
> >
> >sudo may help; I'm not familiar with it.
> >
> >Otherwise, you could write yourself a setuid wrapper that checks whether the
>
> >invoking user is allowed to use it; logs & terminates if not, logs & runs it
>
> >if the user is.
> >
> >You cannot write it in bash, but you CAN do it in perl. Or C.
>
> I don't think I was clear here... When a user wants to run a
> root program *AS ROOT*, the open a terminal, and do:
>
> su -
> <enter password>
> programname
I think you were clear. I also think it's not a good idea. Anyone who knows
root's password can do anything.
My counsel is that you provide a wrapper that verifies that the individual
running it can do whatever the wrapper is designed to allow, and then runs
whatever the program is that does it.
For example, you could write, in perl, a wrapper that allows selected people
to run fdisk against /dev/sda (on my system that's a drive with removable
media), but not to fdisk /dev/hd? (where my fixed disks live).
The wrapper needs to be setuid root.
> What I am looking for is "click on the icon", up pops a dialog
> box saying "Enter the root password", and if it is correct, the
> program starts up - as root. I do not want sudo or any other
> solution. I just want to use what is there allready. For
> example, the Kerberos config tool asks for root password.
>
> I am still unable to find out how this is done. The GNOME
> launcher/shortcut thing has nowhere near the options the KDE
> "kdelnk" files do. I'm almost positive there is a simple way of
> doing this in KDE.
I think both allow you to run things in a terminal, and I think this is about
what you're asking to do.
>
> I tried putting in a commanline like (su - ; myprog)
> and it does not work either. No way of telling what is wrong
> either.
Of course it doesn't work. They're two commands.
>
> Right now I have to open a terminal, and then type:
>
> su - -c myprog
>
> That works, but it doesn't work when ran from an icon launcher
> because SU gets ran in the background and no doubt sits in lala
> land or dies on SIGTTIN....
>
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
