[Gllug] Why have root passwords at all?

[Matthew Cooke]

I quite like the system on some desktop platforms where certain operations 
require your user to escalate his privileges to do a certain operation (by 
typing in an admin password) rather than just logging in as admin/root all 
the time. I know Vista will have this functionality (like osX).

I also quite like idea that there is visual representation that your privs 
are currently escalated and that if you stop interacting with the system for 
a bit they drop back to normal.

I wonder if would be possible for this to apply to the commandline:

eg,

[bob at localhost]> /etc/init.d/httpd restart
You do not currently have permission, please type admin password: ****
httpd [stop]
httpd error

[bob^root at localhost] vi /etc/httpd.conf
etc, etc ...
no user input for a while or a certain command causes the escalated 
privileges to be lost.
[bob at localhost]

Perhaps it would be possible to intercept the attempt to execute a program 
which you don't have permission to at the kernel level (similar to SELinux) 
rather than having to rewrite all tools to support automatic privilege 
escalation.

Matt.


-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug