Bug 1003189
Summary: | sudo: RFE: tie identification and expiration to logind session, not tty | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Zbigniew Jędrzejewski-Szmek <zbyszek> |
Component: | sudo | Assignee: | Radovan Sroka <rsroka> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | kzak, rsroka |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-09-05 13:12:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Zbigniew Jędrzejewski-Szmek
2013-08-31 16:23:28 UTC
I'm not sure what you really want. Try to disable tty_tickets in sudoers, I think it would be sufficient. With tty_tickets disabled, I'd get a single ticket per user, which is too broad. With tty_tickets enabled, I get asked for a password in every tab of gnome-terminal, which gives me no additional security but is annoying. I guess that despite the name it's asking once per pty. I'm asking for the sudo authentication to be tied to an actual login session, as registered by logind. In that case I'd get separate authentication for logins on different physical seats and kernel ttys, much more meaningful. If you really want this feature, propose the ticket on upstream bugzilla https://bugzilla.sudo.ws/index.cgi. As a part of cleanup I'm closing this bugzilla. |