Subject: Re: Disabling direct access
From: Alek O. Komarnitsky (N-CSC) (alekAST.LMCO.COM)
Date: Fri Jul 07 2000 - 11:02:53 CDT


> From: Mark Luntzel <markneurosis.net>
> Subject: Re: Disabling direct access
> To: FOCUS-SUNsecurityfocus.com
>
> > I've got some [not much] exposure to 'sudo'. I have a specific need that I
> > am looking to fulfill that I think 'sudo' may be able to do... I need to
> > control access to binary executables which are called from an iPlanet
> > server; iPlanet is running in user "nobody" context; my guess is that I'd
> > invoke these executables via 'sudo' using a controlled userID [disabled
> > password and no login shell]. My big question is how much overhead is there
> > with 'sudo', can it handle high volume activity (perhaps multiple calls per
> > second)?
>
> ah. unless I am mistaken, you will not be able to accomplish this with sudo. you will still need fingers to enter in passwords (password-less accounts? ew).

Not true ... sudo allows one to configure an account/user so that
*NO* prompt for the password is required ... not something that is
typically recommended ... but makes some sense for "batch" oriented
processes (hopefully with a controlled account/environment).

alek

P.S. Per previous posting, I don't think sudo imposes much overhead;
but best approach would be to try it ... I'd be curious to hear the results.
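
A sudoers fragment for the passwordless "batch" setup discussed in this thread, added here as an example and not part of the original post. The account name appsvc, the file name and the paths under /opt/app/bin are assumptions; "nobody" is the iPlanet user named in the question.

```sudoers
# /etc/sudoers.d/iplanet-cgi   (hypothetical file name; edit with: visudo -f <file>)
# Assumed names: target account "appsvc" (locked password, no login shell),
# helper binaries under /opt/app/bin.

# Too broad: the web server account could run anything as any user, unprompted.
# nobody ALL = (ALL) NOPASSWD: ALL

# Narrow: a fixed list of binaries, one target account, no password prompt.
# A command listed without arguments may be run with any arguments;
# append "" to a command to allow it only with no arguments at all.
Cmnd_Alias APP_CMDS = /opt/app/bin/report, /opt/app/bin/lookup ""

# Start each command from a clean environment instead of the caller's.
Defaults:nobody env_reset
# Only needed where requiretty is enabled: the web server has no terminal.
Defaults:nobody !requiretty

nobody ALL = (appsvc) NOPASSWD: APP_CMDS
```

The server would call, for example, `sudo -n -u appsvc /opt/app/bin/report`; `-n` makes sudo fail rather than prompt if the rule does not match. The listed binaries and their parent directories must not be writable by nobody, otherwise the command list restricts nothing.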