-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/13/2010 07:00 AM, James Cammarata wrote: > > On Wed, 14 Apr 2010 08:35:56 -0400, Daniel J Walsh <dwalsh@xxxxxxxxxx> > wrote: >> sudo in RHEL6 and F11 and beyond added newrole type functionality to >> sudo. This package will not be back ported to RHEL5. (Sorry). >> One option would be to add newrole to a shell script executed by sudo. >> >> sudo audit.sh >> >> cat audit.sh >> newrole -r auditadm_r -t auditadm_t COMMAND >> >> Then add pam_rootok to /etc/pam.d/newrole > > That's a bit of a bummer. I had seen your discussions with the sudo devs > that was about a year or more old, so I was hoping this had found its way > into RHEL already. I'll test this workaround today and see if it does what > I want. > > Thanks! > > James C. > We are very careful of what we backport and sudo has not come up on the priority list. With Shipping versions of RHEL we are hesitant to make major modifications that could cause a regression. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvF0YMACgkQrlYvE4MpobPGzgCfQ3u1wyKbY1WPe+fRag26LJOJ P+cAoJn25VdzqcmshsjbF8u/cSGkQkli =4jz7 -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
