[development] "Sudo" Module

Mon Aug 9 17:53:20 UTC 2010

The same reason that sudo asks for a password again if you don't use  
it for a
while: someone may have sat down at your computer.

It would actually be better to ask for a password prior to doing  
*anything* that
could be damaging, but that's a separate issue.  Try posting a comment  
on
linked-in for example: auto-login allows you to read, but not write.

- Ken Winters

On Aug 9, 2010, at 1:33 PM, Matt Chapman wrote:

> Hi James,
>
> I curious about your reasoning for requiring a password? It seems like
> an example of "security" that only inconveniences the legitimate
> users.
>
> Both the modules mentioned provide an explicit permission to switch,
> ensuring that only authorized users have the capability, and both
> allow you to permit it without sharing a password that could be
> accidentally exposed to unauthorized users.
>
> It seems to me your proposed module weakens security for no practical
> benefit. Am I missing something?
>
> All the Best,
>
> Matt Chapman
> Ninjitsu Web Development
> ph: 818-660-6465 (818-660-NINJA)
> fx: 888-702-3095
>
> --
> The contents of this message should be assumed to be Confidential, and
> may not be disclosed without permission of the sender.
>
>
>
> On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <james.benstead at gmail.com 
> > wrote:
>> Thanks - both of these modules solve half of the problem (i.e., the
>> switching part) - but neither seem to allow me to force the user to  
>> enter
>> the root password in order to switch to the root account. Very  
>> useful,
>> though; two new questions:
>>
>> If I were to build a module that was dependent on either masquerade  
>> or devel
>> switch user to provide the functionality I'm talking about, which  
>> module
>> would be the best foundation?
>> Is there a simple way I can mash-up this module with the regular  
>> user module
>> to do this? I'm guessing there must be.
>>
>> Thanks again, guys; the best bit about Drupal (and the Drupal  
>> community) is
>> not having to re-invent the wheel ;)
>> --Jim
>> --
>> My IM and Skype details are at http://state68.com/contact
>>
>> Paolo Mainardi:
>> http://drupal.org/project/masquerade
>> On 9 August 2010 17:40, Pedro Faria de Miranda Pinto <predofaria at gmail.com 
>> >
>> wrote:
>>>
>>> You can use devel module with switch user block
>>>
>>> On Mon, Aug 9, 2010 at 1:35 PM, James Benstead <james.benstead at gmail.com 
>>> >
>>> wrote:
>>>>
>>>> I'm very interested in UI design, and mapping the design of  
>>>> Drupal admin
>>>> interfaces to pre-existing, long-standing frameworks. I'm  
>>>> currently looking
>>>> for a module that allows a "site manager" to quickly switch to  
>>>> and from the
>>>> root user of a D6 site - in my mind's eye this module displays a  
>>>> block with
>>>> a password field and a submit button; entering the root password  
>>>> and hitting
>>>> the button is broadly equivalent to "sudo su" in Unix. Once the  
>>>> user has
>>>> root privileges, a click on the "step down" button in the same  
>>>> block returns
>>>> them to their saved regular session.
>>>> My question: does a module exists that does this, or gets close  
>>>> to this?
>>>> Or is it possible to cobble together this functionality by using  
>>>> existing
>>>> functionality in already-existing D6 modules?
>>>> Thanks,
>>>> --Jim
>>>> --
>>>> My IM and Skype details are at http://state68.com/contact
>>>
>>>
>>>
>>> --
>>> Pedro Faria de Miranda Pinto
>>> http://www.eusouopedro.com
>>> http://www.phpavancado.net
>>
>>