File Modification Restrictions for Sudo/Linux as in UAC/Windows

In Windows UAC, if the user attempts to run an executable file, the OS will prompt the user whether or not they intend to run it. Similarly, if the application requires admin privs, the user is prompted to allow this. In both instances, the preference can be remembered, essentially appending to two whitelists. If the file is modified, it is removed from said whitelists and the user will be prompted again.

In Linux we have a sudoers file where we can specify files that can be run as root (or any other user) without having to type in the password each time. This is great for applications that need to autostart with sudo permissions, especially in the case of a GUI app autostarting (with gksudo), but therein lies a security implication. If the file is modified, the ability to run it with sudo without a password is not removed. Is there any way to invoke this behavior?

I imagine that UAC uses file hashes to keep track of changes. I'm thinking there must be a way to handle this in Linux but I can't seem to find it as of yet.

xendi

Posted 2017-01-17T18:53:20.843

Reputation: 113

The sudo command is used to start something as root (in general), without using the root user's password. Caching a password for some time is only an addition. From what I understand, you would like sudo to remove the password from the cache when it was cached for a particular program and the content of it has changed? And remember it forever for programs that don't change? – rsm – 2017-01-17T19:30:31.233

And what should it do when libraries change? Or config files? Or environment settings (changing program behaviour)? It looks like a whole other layer to me, complicated and not really necessary, since sudo caches the password only for a short period of time, so all this additional logic would get flushed constantly. – rsm – 2017-01-17T19:30:35.713

Also, please check the http://superuser.com/questions/242903/windows-uac-vs-linux-sudo?rq=1 question; there is a nice UAC and sudo comparison. – rsm – 2017-01-17T19:38:42.433

Answers

The whole Linux security model is built upon file permissions. So the correct way of protecting an executable listed in sudoers is to make sure users can't modify it. This is not exactly the same as UAC does, but it's similar in terms of security:

  • On Windows, you can modify the file freely, but you need to provide the admin password every time you want to run a modified version.
  • On Linux, you can always run a file listed in sudoers, but you need to provide the root password every time you need to modify it.

See also: Windows UAC vs. Linux sudo

Dmitry Grigoryev

Posted 2017-01-17T18:53:20.843

Reputation: 7 505
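The two halves of this thread in working form, as an added example that is not part of the question, the answer, or the sudo project: a POSIX shell audit that checks the permission hygiene the answer relies on (no group- or world-writable binary or ancestor directory for any NOPASSWD command) and then pins a SHA-256 per command so that a later modification is reported, which is the closest a wrapper can get to the UAC behaviour the question asks for, since sudo itself keeps no hashes. The sample sudoers file, the sample "binaries" and the temp-dir layout are constructed here and are assumptions, not anything from the original page; no real /etc/sudoers is read.

```shell
#!/bin/sh
# Added example, not code from the question, the answer or the sudo project.
# Audits NOPASSWD commands in a sudoers file two ways:
#   1. the protection the answer relies on: the binary and every directory
#      above it must not be group- or world-writable, otherwise a user can
#      replace the file without ever needing root;
#   2. the behaviour the question asks for: a pinned SHA-256 per command, so
#      a modified binary is reported (sudo itself never does this).
# The sudoers file and "binaries" are constructed in a temp dir (assumption),
# so the script runs offline and without root.

# Group/other write bits are characters 6 and 9 of the ls mode string
# ("-rwxr-xr-x"); ls -ld is POSIX, unlike stat -c.
writable_by_others() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Walk from the file up to (but not past) STOP and print the first path that
# is writable by group/others; return 1 if the whole chain is clean.
insecure_ancestor() {
    p=$1; stop=$2
    while [ "$p" != "$stop" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        if writable_by_others "$p"; then printf '%s\n' "$p"; return 0; fi
        p=$(dirname "$p")
    done
    return 1
}

# Print the first word of each comma-separated entry after "NOPASSWD:" in
# non-comment lines; arguments are dropped ("/usr/bin/apt update" -> /usr/bin/apt).
nopasswd_commands() {
    sed -n 's/^[^#].*NOPASSWD:[[:space:]]*//p' "$1" | tr ',' '\n' | awk 'NF { print $1 }'
}

# Report every NOPASSWD command that is not an absolute path (e.g. ALL), is
# missing, or sits on a writable path chain. Paths resolve under ROOT so the
# constructed sample can stand in for the real filesystem (use / for real use).
audit_nopasswd() {
    sudoers=$1; root=$2
    nopasswd_commands "$sudoers" | while IFS= read -r cmd; do
        case "$cmd" in
            /*) f="$root$cmd" ;;
            *) printf 'FINDING %s: not an absolute path\n' "$cmd"; continue ;;
        esac
        if [ ! -f "$f" ]; then printf 'FINDING %s: missing\n' "$cmd"; continue; fi
        if bad=$(insecure_ancestor "$f" "$root"); then
            printf 'FINDING %s: %s is group/world writable\n' "$cmd" "${bad#"$root"}"
        fi
    done
}

sha256_of() {
    { command -v sha256sum >/dev/null 2>&1 && sha256sum "$1" || shasum -a 256 "$1"; } | cut -d' ' -f1
}

# Record "sha256 path" for every existing absolute NOPASSWD command in PINFILE.
pin_commands() {
    sudoers=$1; root=$2; pinfile=$3
    : > "$pinfile"
    nopasswd_commands "$sudoers" | grep '^/' | while IFS= read -r cmd; do
        if [ -f "$root$cmd" ]; then
            printf '%s %s\n' "$(sha256_of "$root$cmd")" "$cmd" >> "$pinfile"
        fi
    done
    return 0
}

# Re-hash each pinned command; print the changed or missing ones and return 1
# if any differ, the point at which a human should re-approve the entry.
verify_pins() {
    root=$1; pinfile=$2; changed=0
    while read -r want cmd; do
        if [ ! -f "$root$cmd" ] || [ "$(sha256_of "$root$cmd")" != "$want" ]; then
            printf 'CHANGED %s\n' "$cmd"; changed=1
        fi
    done < "$pinfile"
    return $changed
}

# Constructed sample: a protected backup script, a tool under a world-writable
# directory, and a sudoers file allowing both plus a bare ALL.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/local/sbin" "$root/opt/tool"
    chmod 755 "$root/usr" "$root/usr/local" "$root/usr/local/sbin" "$root/opt"
    printf '#!/bin/sh\necho backup\n' > "$root/usr/local/sbin/backup"
    printf '#!/bin/sh\necho run\n' > "$root/opt/tool/run"
    chmod 755 "$root/usr/local/sbin/backup" "$root/opt/tool/run"
    chmod 777 "$root/opt/tool"
    cat > "$root/sudoers" <<'EOF'
# constructed sample, not a real /etc/sudoers
alice ALL=(root) NOPASSWD: /usr/local/sbin/backup --nightly, /opt/tool/run
bob   ALL=(ALL)  NOPASSWD: ALL
EOF
    printf '%s\n' "$root"
}

demo() {
    root=$(make_sample)
    echo "== permission audit =="
    audit_nopasswd "$root/sudoers" "$root"
    echo "== pin, tamper, verify =="
    pin_commands "$root/sudoers" "$root" "$root/pins"
    echo 'echo pwned' >> "$root/usr/local/sbin/backup"
    verify_pins "$root" "$root/pins" || echo "re-approval needed"
    rm -rf "$root"
}
demo
```

Because it runs unprivileged, the example checks only the write bits; on a real system also require root ownership of each command and its directories (for example `find /path -not -user root`), re-run pin_commands after a deliberate upgrade so the new hash is approved, and keep the pin file itself somewhere only root can write, or the check is as bypassable as the binary.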