1.5.3


Old Stuff

 www.your-freedom.net
 www.secure-tunnel.com

Ticket #110 (closed enhancement: fixed)

Opened 3 years ago

Last modified 2 years ago

Root access not always necessary

Reported by: Stephan Assigned to: andrei
Priority: normal Milestone: AlmostVPN 0.9.13
Component: PreferencePanel Version: 0.9
Severity: normal Keywords: sudo root 1024
Cc:

Description

First of all I want to say thank you for that wonderful piece of software!!

If you don't use privileged ports you don't need root access. So AlmostVPN could be intelligent to decide if there are any privileged ports involved to switch to root accordingly.

The motivation behind this request is that there are users using only ports above 1024 to access a service. Why should they get granted root permission?

Thanks, Stephan

Change History

01/10/06 19:16:31 changed by andrei

  • keywords set to sudo root 1024.
  • status changed from new to assigned.
  • version set to 1.0.
  • milestone set to AlmostVPN 1.0.

Stephan,

Thank you very much for the compliment. I do hope that AlmostVPN helped at least few people to deal with SSH tunnels in more "Apple Like" way.

I am aware that "super user" privileges are NOT required for creating tunnels originating from ports above 1024. So if you are using AlmostVPN just to create POTs (Plain Old Tunnels ) you could do without it. But AlmostVPN is more then this. And it needs extra privileges to do some other stuff. At the same time, I have not heard too many complains about this particular requirement. So I assume that situation when user can not SUDO is not too common.

So bottom line is that I am definitely can not do anything about it for AlmostVPN. I might consider doing something with AlmostVPN/Pro (currently under development), but as of now I do not see too many reasons to do it.

Andrei

PS AlmostVPN/PRO does handle SUDO a little bit different. Unlike AlmostVPN it does not require that current user can SUDO. It still need user name/password for an account which authorized to SUDO, but it does not have to be current user.

01/11/06 11:45:58 changed by anonymous

Thanks for your answer.

I am a devotee to the philosophy that for everyday's work you should not use an adminstrator account (so that you can just destroy your data and not the whole system :-)

Anyway I would like to suggest a compromise: If you could list all the command which are executed with sudo, it should be possible (and really easy) to add them to the sudoers file. If you like I'll can convert your list to an appropiate sudoers entry and send it back to you. What do you think about that?

01/12/06 10:41:42 changed by andrei

Thank you for your offer. It is easy to give you a list of command I am using "SUDO" with (here it is)

  • expect
  • kill
  • ifconfig
  • nicl

But It is not so easy (impossible) to "translate" them in sudoers file. The thing is, I do not invoke any of these command directly. All invocations done via "bash". So from SUDO point of view, the only thing which ever gets executed is "bash".

Thanks again for the offer.

02/27/06 14:56:43 changed by andrei

  • status changed from assigned to closed.
  • version changed from 1.0 to 0.9.
  • resolution set to fixed.
  • milestone changed from AlmostVPN 1.0 to AlmostVPN 0.9.13.

It is possible now to run AlmostVPN without access to administrator account