Default sudo setup (Was: Re: The Future of Fedora.)

Michael K. Johnson johnsonm at redhat.com
Wed Dec 10 21:20:18 UTC 2003


On Wed, Dec 10, 2003 at 11:37:59AM -0800, Shahms King wrote:
> I don't think the described authentication scheme is possible without
> some minor changes to userhelper.  Currently, userhelper can

I'm sure we'll need code changes to make this scheme work.  I just
want the code changes to be in the right place.

One thing to note is that SELinux may actually change where the
right places to make changes are, and how to make the changes.
This may have everything to do with roles and nothing to do with
the root user!

> Unfortunately, pam_xauth breaks with NFS home directories and '<user>'
> (it creates a new xauthority file in the home directory which root
> cannot read).

Uh, I have used pam_xauth primarily with root-squashed NFS home
directories; that's how I developed it in the first place.  This
doesn't make sense to me.  Can you be more explicit about the
failure mode you have observed?

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/





More information about the fedora-devel-list mailing list