[debian-lan-devel] a ubuntuish gnome with an ACL to allow specific users to install stuff
Andreas B. Mundt
andi.mundt at web.de
Fri Sep 27 06:48:05 UTC 2013
Hi Julien,
many thanks for sharing your modifications and improvements!
Just a short comment, I am not sure if it's correct:
On Fri, Sep 27, 2013 at 12:00:28AM +0200, Julien Lambot wrote:
[...]
>
> +dn: cn=localadminsSynaptic,ou=sudoers,ou=gosa,dc=intern
> +objectClass: top
> +objectClass: sudoRole
> +sudoHost: workstation*
> +sudoHost: diskless*
> +sudoHost: guest*
> +cn: localadminsSynaptic
> +sudoRunAs: ALL
> +description: sudo rights to install additional packages on clients
> +sudoUser: admin
> +sudoCommand: sudo
^^^^
Doesn't this allow to run all commands in the end using sudo?
> +sudoCommand: /usr/sbin/synaptic
> +sudoCommand: /usr/bin/synaptic-pkexec
> +sudoCommand: /usr/bin/gpk-application
> +sudoCommand: /usr/bin/gpk-update-viewer
>
> Well... That was one of my users requirements.
> Comments welcome
Thanks again and best regards,
Andi
More information about the debian-lan-devel
mailing list