Re: Running remote commands through sudo/sec framework?
Re: Running remote commands through sudo/sec framework?
- Subject: Re: Running remote commands through sudo/sec framework?
- From: Rakka <email@hidden>
- Date: Fri, 29 Jul 2005 23:15:10 +1000
Thanks. I'll look into this as well.
I thought of a possible alternate way:
SSH is activated on the remote machine first. Then the user runs an
installer on the remote system that installs a setuid tool that
contains the required commands.
From the admin machine, I connect to the remote machine, then run
the tool.
Would that work?
Thanks.
On 29/07/2005, at 5:55 PM, Finlay Dobbie wrote:
On 7/29/05, Rakka <email@hidden> wrote:
That'd be good, however, this for a an application, and I think most
users shouldn't do anything other than enable SSH on their machines.
I wouldn't want everyone who uses the app to go and fiddle with the
sudoers file?
And also, before working on that, how would I check if the user is an
admin, after someone connects to their remote machine through my app?
It is possible to supply a username and password in a buffer to the
Security framework, which can then authorize against any of the rights
you need. Specify them with kAuthorizationEnvironmentUsername and
kAuthorizationEnvironmentPassword in the AuthorizationEnvironment you
pass in to AuthorizationCreate. You can then use Authorization
Services as you would if the user had authenticated locally.
Of course, you'll have to handle securely transferring the username
and password across the network yourself.
-- Finlay
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden