Date: Mon, 25 Jul 2005 13:41:53 +0200 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) To: Garrett Wollman <wollman@csail.mit.edu> Cc: freebsd-security@FreeBSD.ORG, asym <bsdlists@rfnj.org> Subject: Re: Adding OpenBSD sudo to the FreeBSD base system? Message-ID: <86iryz6rjy.fsf@xps.des.no> In-Reply-To: <17119.53059.856310.876840@khavrinen.csail.mit.edu> (Garrett Wollman's message of "Thu, 21 Jul 2005 12:37:23 -0400") References: <42DCC503.5000408@ludd.ltu.se> <20050719213356.GA1614@gothmog.gr> <20050721101331.GB854@trit.org> <24999.192.35.35.35.1121959413.squirrel@192.35.35.35> <20050721155241.GA20438@frontfree.net> <6.2.1.2.2.20050721122658.038f8508@mail.rfnj.org> <17119.53059.856310.876840@khavrinen.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman <wollman@csail.mit.edu> writes: > su(8) already has the behavior you want. (Now implemented in a PAM > module, and I forget the precise details.) You're probably thinking of the auth_as_self option in pam_unix(8). It was introduced by Mark four years ago. However, what sudo(1) has that su(8) lacks is the ability to control which commands the user is allowed to execute with elevated privileges. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86iryz6rjy.fsf>