pam_usb

[Feature] Force second device for sudo

Open mcdope opened this issue 2 years ago • 10 comments

Understood

Yes, this is not a bug report / support request

Text

When #31 is done, it would be possible to implement a way to force a second device for sudo usage.

Example use case: Office, School etc. having USB keys for each user. Each user sometimes needs to use sudo, like for example installing software. Admin could then visit the user's desk, plug the sudo stick in, user runs command(s), admin walks away with his stick again. Or a shared family computer etc.

mcdope avatar Jan 09 '24 17:01 mcdope

How to implement:

  • <device> in <user> should have an attribute sudo, if present require this device for su(do) request

todo: check if this should be used for polkit or like that.

mcdope avatar Jul 20 '24 12:07 mcdope

Better idea: <option id="sudo_device">DeviceName</option> in <user> or global.

If global, it would basically disallow sudo for users not having the sudo device configured though.

mcdope avatar Jul 23 '24 14:07 mcdope

Or put a <device> in <service id="sudo"> ?

Guess this is the best idea, because it doesn't restrict the feature to sudo

mcdope avatar Jul 23 '24 16:07 mcdope

todo:

  • [ ] Modify opts->device_list to have sudo attribute
  • [ ] Modify pusb_device_connected to only iterate devices having the attribute

mcdope avatar Aug 11 '24 12:08 mcdope
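
Added example, not part of the issue thread and not pam_usb's own code: a sketch of the filtering described in the todo above, where su(do) requests only consider devices carrying the proposed sudo attribute and are denied when none is connected. `struct device`, `needs_sudo_device`, `device_connected_for`, the `connected` flag and the sample keys are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a configured device; not pam_usb's real struct. */
struct device {
    const char *name;
    bool sudo;       /* the proposed "sudo" attribute */
    bool connected;  /* constructed stand-in for a real USB presence check */
};

/* Constructed sample: the user's own key, and the admin's stick absent/present. */
static const struct device desk[] = {
    { "UserKey", false, true }, { "AdminKey", true, false },
};
static const struct device desk_admin[] = {
    { "UserKey", false, true }, { "AdminKey", true, true },
};

/* Services that demand a sudo-marked device (assumed: sudo and su). */
static bool needs_sudo_device(const char *service)
{
    return strcmp(service, "sudo") == 0 || strcmp(service, "su") == 0;
}

/*
 * True if a device acceptable for `service` is connected. For su(do) only
 * devices with the attribute are iterated, so a user with no such device
 * configured, or with the admin's stick unplugged, is denied.
 */
static bool device_connected_for(const struct device *list, size_t n,
                                 const char *service)
{
    bool need = needs_sudo_device(service);

    for (size_t i = 0; i < n; i++) {
        if (need && !list[i].sudo)
            continue;            /* the everyday key never satisfies su(do) */
        if (list[i].connected)
            return true;
    }
    return false;                /* fail closed */
}

int main(void)
{
    printf("sudo, admin away: %d\n", device_connected_for(desk, 2, "sudo"));
    printf("sudo, admin here: %d\n", device_connected_for(desk_admin, 2, "sudo"));
    return 0;
}
```

In this sketch other services accept any connected device, including the sudo-marked one; whether the admin stick should also unlock a normal login is a separate policy choice the thread does not settle.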