I think that you're honestly better off creating some kind of pipe or
socket where the commands come through, which has a list of functions
that it can provide. That way you can have a list, and see if there's a
match for what's sent.  It'd really be quite hard to implement a SUID
type of arrangement here in a way that's secure... a lot of variables.
Maybe a pipe running as a user on the box that calls sudo with the
command, and then you have sudo do the command checking for you, etc.
That doesn't sound too difficult actually... hmm.

Cheers,
Liam

On Thu, 2004-05-13 at 18:00, Chris Wright wrote:
> * Gregory (Grisha) Trubetskoy ([EMAIL PROTECTED]) wrote:
> > 
> > Has there been any discussion of having a feature whereby a binary would
> > be executed with higher capabilities automatically?
> 
> This can be done in two ways.  Normal setuid-root will elevate, and
> then some LSM modules like SELinux and LIDS can define which
> capabilities a program will get when it's executed.
> 
> thanks,
> -chris

_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
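
The listener suggested in the reply above, sketched as an added example that is not code from this thread or from the Linux-VServer project: requests arrive on a socket, are matched against a fixed list, and anything that does not match exactly is refused. The command names, the paths and the `restart-service` helper are hypothetical, and the demo uses a stub runner so nothing is executed.

```python
import re
import socket
import subprocess

# Hypothetical allowlist: request name -> (fixed argv prefix, per-argument validators).
# The client only ever selects an entry; it never supplies a program path.
ALLOWED = {
    "uptime": (["/usr/bin/uptime"], []),
    "restart": (["/usr/local/sbin/restart-service"], [re.compile(r"(httpd|sshd)\Z")]),
}

def resolve(line: str):
    """Map one request line to a full argv, or return None if it is not allowed."""
    parts = line.split()
    if not parts or parts[0] not in ALLOWED:
        return None
    prefix, validators = ALLOWED[parts[0]]
    args = parts[1:]
    if len(args) != len(validators):
        return None  # wrong argument count: refuse rather than truncate
    if not all(v.match(a) for v, a in zip(validators, args)):
        return None  # each argument must match its pattern in full
    return prefix + args

def handle(conn: socket.socket, run=subprocess.run) -> None:
    """Serve one request on a connected socket; reply 'ok <rc>' or 'denied'."""
    data = conn.recv(256)
    try:
        line = data.decode("ascii")
    except UnicodeDecodeError:
        line = ""  # non-ASCII input never matches an entry
    argv = resolve(line)
    if argv is None:
        conn.sendall(b"denied\n")
        return
    # argv list, no shell, empty environment: nothing from the client is interpreted.
    result = run(argv, env={}, stdin=subprocess.DEVNULL, capture_output=True, timeout=10)
    conn.sendall(b"ok %d\n" % result.returncode)

def demo(request: bytes) -> bytes:
    """Constructed demo: send one request over a socketpair with a stub runner."""
    client, server = socket.socketpair()
    with client, server:
        client.sendall(request)
        handle(server, run=lambda argv, **kw: subprocess.CompletedProcess(argv, 0))
        return client.recv(64)
```

In a real deployment the listening socket's file permissions decide who may send requests at all, which is a separate check from the allowlist.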
