Am Samstag, den 09.12.2006, 20:36 -0500 schrieb Matthew Miller: > On Sat, Dec 09, 2006 at 11:12:14PM +0100, Roger Grosswiler wrote: > > Of course, the program shouldn't be started in another way. > > i thought about sudo, but i left it. btw. /usr/bin/pup links to the > > consolehelper, the real app is in /usr/sbin/pup (?) > > consolehelper is another mechanism for providing sudo-like functionality. > Rather than changing the app to run with sudo, what you want to do is edit > the consolehelper config in /etc/security/console.apps/pup. 'man userhelper' > for the variables that can be set there -- probably what you want to do is > set "UGROUPS=wheel" in that file and then add all pup-privileged users to > the wheel group. (gpasswd wheel -a roger). > Tested and approved! Advantage: - no sudo-entry - still password-entry needed for update (according to the engagement of pam?) All i had to enter was the appropriate Group, i wanted to be able to update theirselves. Entry: UGROUPS=groupname This enables them, by typing their own password to update the system. IMHO, this is not a real security-hole. Some kind of naive trusting against the users should be. no user, no admin...of course, the question of checksummed repos should always be answered as yes. This is the point the make sure as a standard by admins. Thanks Roger
