[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian: user-request-daemon (it could solve some problems)

On Thu, 15 Feb 2007 14:52:03 +0000
Anton Piatek <anton@piatek.co.uk> wrote:

> Curt Manucredo wrote:
> > dear mentors and members
> > 
snipp...
> > so this is the attempt to gain help from you! if you wish to have a
> > copy of this program, please say so.
> > the description of the 3 executable follows:
> > 
> > *urequestd* can be called a *virtual super user*. it gets
> > started on system bootup and awaits requests from the *urequest
> > client* program. *urequestd* looks up the everybodys accessable
> > fifo-file */var/opt/urequestd* and in case it finds *urequest*
> > in */proc/$pid_of_urequest* and can make sure that the request
> > comes from an urequest instance, it will execute the request and
> > orphans it into background sendig the pid ot this process back to
> > the request client. since urequestd does not execute any process
> > unless it comes from an urequest-client, all verifications are done
> > in the urequest client program. this includes user and group
> > verification as well as checking if the request even exists.
> > 
> > *urequest* is part of the urequest daemon package. it makes it
> > possible for any user to *call a command*
> > without the need for *root-rights*. to make this possible
> > a rule-file has to be created under */etc/urequestd/rules/*. it must
> > be a bash-script, set executable and having the file-extenstion
> > *.rule*. to then make a normal user able to call such a request
> > the user must be added with the *urequestp utility* as an authorized
> > user. it is also possible to add a group to the rule to make a punsh
> > of users able to call a rule.
snipp...
> > ps: i am not subscribed to this list, please cc me!
> 
> How is this different from sudo?

well. i don't know how sudo works, but as far as i know it needs a
password-verification. with urequest you don't. this is not unsafe in
my opinion since i use urequestd to wvdial for example or for the
hibernate package or to ifupdown any iface with no need to enter a
password. on the other hand with sudo anyone can call every command.
with urequestd it is restricted to just those rules which are present.
so for example: if your user-account is a memeber of dialout the
wvdial-rule will run for you, as long as you add the group dialout to
it. i dont say urequestd can replace sudo or su (it is not intended
for that), but i believe it could replace setuid. as far as i can see
wodim and pmount would be two great candidates for this! are they not?
so here is my question: does sudo work the same way as urequestd? did i
reinvent the wheel?
thank you for your reply .

curt

-- 
make sure that anywhere in your mail the string
'debian' appears. otherwise your message will not
end up in my mailbox!

Curt Manucredo
curtm2 at yahoo dot de

 .''`.
: :'  :
`. `'`
  `-
proud debian-user 
http://www.debian.org

http://blueblended.wordpress.com

http://www.keinverlag.at/autoren.php?autor=2311
Reply to: