Bug 339 - Expiration Date for Sudo Rules
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.7.0
Hardware: PC Other
Importance: normal enhancement
Assigned To: Todd C. Miller
Reported: 2009-02-28 09:49 MST by John Bambenek
Modified: 2017-05-13 13:48 MDT
Description John Bambenek 2009-02-28 09:49:41 MST
> I was wondering what the possibility of introducing a "drink by" date to
> a specific sudo rule is...
>
> For instance...
>
> root ALL=(ALL) ALL YYYYmmddhhmm
>
> And the functioning would basically check to see if the time is less
> than or equal to the timestamp given in the sudo file before giving
> access. It would be pretty useful in some enterprise settings I would
> imagine.
Comment 1 Mark Janssen 2010-03-30 04:12:45 MDT
As long as you also build this support for LDAP-based rules

Something like this:

objectClass: sudoRole
cn: temp-something
sudoCommand: /bin/cat
sudoOption: noexec
sudoUser: joe
sudoHost: foo
sudoExpire: YYYYMMDDHHMM
Comment 2 Todd C. Miller 2011-01-28 16:59:21 MST
Beginning with sudo 1.7.5 the LDAP-based rules support sudoNotBefore and sudoNotAfter attributes.  This is not currently available for files-based sudoers.
Comment 3 John Bambenek 2012-06-02 00:25:39 MDT
Is it possible to get rule expiration for files-based sudo rules similar to what is available for LDAP?
Comment 4 Todd C. Miller 2017-05-13 13:48:34 MDT
Sudo 1.8.20 supports "not before" and "not after" settings for file-based sudoers.
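
An audit sketch for the feature this bug resolved, added here as an example and not taken from the thread or from the sudo project: it classifies file-based sudoers rules by their `NOTBEFORE=` / `NOTAFTER=` settings so that expired or unbounded grants can be reviewed. It assumes one rule per line (no aliases, continuations or includes) and handles only the UTC `yyyymmddHHMMSSZ` timestamp form; the sample sudoers text is constructed.

```python
import re
from datetime import datetime, timezone

# Date settings accepted on a rule in file-based sudoers (sudo 1.8.20+).
DATE_SPEC = re.compile(r"\b(NOTBEFORE|NOTAFTER)=(\S+)")

def parse_utc(stamp):
    """Parse the yyyymmddHHMMSSZ form; return None for anything else."""
    try:
        return datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None

def rule_state(line, now):
    """Classify one rule line at time `now` (timezone-aware datetime)."""
    specs = dict(DATE_SPEC.findall(line))
    if not specs:
        return "unbounded"          # no expiry at all: worth a manual review
    bounds = {k: parse_utc(v) for k, v in specs.items()}
    if None in bounds.values():
        return "unparsed"           # form this sketch does not handle
    if "NOTBEFORE" in bounds and now < bounds["NOTBEFORE"]:
        return "pending"
    if "NOTAFTER" in bounds and now > bounds["NOTAFTER"]:
        return "expired"
    return "active"

def audit(text, now):
    """Return (line number, state, rule) for every rule line in `text`."""
    results = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        results.append((n, rule_state(line, now), line))
    return results

# Constructed sample; user, host and command names echo the thread's examples.
SAMPLE = """\
# constructed sample
Defaults env_reset
root ALL=(ALL) ALL
joe foo=(root) NOTAFTER=20170601000000Z NOEXEC: /bin/cat
ann ALL=(root) NOTBEFORE=20170701000000Z NOTAFTER=20170731235959Z /usr/bin/id
bob ALL=(root) NOTAFTER=2017-06-01 /usr/bin/id
"""

if __name__ == "__main__":
    now = datetime(2017, 6, 15, 12, 0, tzinfo=timezone.utc)
    for n, state, line in audit(SAMPLE, now):
        print(f"{n}: {state:9} {line}")
```

Rules reported as `expired` are candidates for removal from the file, and `unparsed` ones should be checked with `visudo -c` before relying on them.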