[csw-maintainers] (now about sudo)

Maciej (Matchek) Blizinski maciej at opencsw.org
Sat Dec 5 20:50:20 CET 2009


On Fri, Dec 4, 2009 at 7:51 PM, Philip Brown <phil at bolthole.com> wrote:
>> There's no
>>gain in installing both, as sudo_ldap pulls ldap packages, so all the
>>benefit of CSWsudo (without the dependency) is lost.
>
> I would have to disagree here. on multiple levels.
> But I'll just state the simplest useful reason to allow both:
>
> picture an environment where ldap is USUALLY used.  in this case,
> sudo_ldap would be routinely used.
>
> however, one day, "something bad happens", where both root login, and
> ldap information, is messed up.  It then becomes very very useful, to
> have sudo.minimal installed and ready to use, as a fallback cleanup
> tool.

Is it a case that you know how to reproduce, or is it just a hunch?
I'm asking, because I can't an obvious case of this problem.  If the
information that joe has sudo access is stored in ldap and ldap is
unavailable, joe will not get root with sudo.ldap nor sudo.minimal.
If the information that joe has access is stored locally, sudo.ldap
will look in both places and grant joe access.  Having sudo.minimal
installed doesn't make it any better or worse.

Regardless to whether it makes sense to have both packages installed
at the same time, we can consider the general case of providing
alternatives.  Let's suppose functionality baz provided by either foo
or bar.  We want to type "baz" and have the job done.  However, in
some cases we want to use foo or bar specifically.  How do we handle
that?

Maciej



More information about the maintainers mailing list