Return-Path: 
 <users-return-1800-apmail-sling-users-archive=sling.apache.org@sling.apache.org>
X-Original-To: apmail-sling-users-archive@minotaur.apache.org
Delivered-To: apmail-sling-users-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 4344997F1
	for <apmail-sling-users-archive@minotaur.apache.org>;
 Tue, 28 Feb 2012 00:29:56 +0000 (UTC)
Received: (qmail 97085 invoked by uid 500); 28 Feb 2012 00:29:56 -0000
Delivered-To: apmail-sling-users-archive@sling.apache.org
Received: (qmail 97035 invoked by uid 500); 28 Feb 2012 00:29:56 -0000
Mailing-List: contact users-help@sling.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@sling.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@sling.apache.org>
List-Post: <mailto:users@sling.apache.org>
List-Id: <users.sling.apache.org>
Reply-To: users@sling.apache.org
Delivered-To: mailing list users@sling.apache.org
Received: (qmail 97027 invoked by uid 99); 28 Feb 2012 00:29:56 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Feb 2012 00:29:56 +0000
X-ASF-Spam-Status: No, hits=-1.6 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [74.125.149.155] (HELO na3sys009aog126.obsmtp.com)
 (74.125.149.155)
    by apache.org (qpsmtpd/0.29) with SMTP; Tue, 28 Feb 2012 00:29:50 +0000
Received: from mail-lpp01m010-f42.google.com ([209.85.215.42]) (using TLSv1)
 by na3sys009aob126.postini.com ([74.125.148.12]) with SMTP
	ID DSNKT0wf5xC2IPwxnbf+01P3QA6RNYEK09rv@postini.com;
 Mon, 27 Feb 2012 16:29:30 PST
Received: by mail-lpp01m010-f42.google.com with SMTP id l5so2140594lah.29
        for <users@sling.apache.org>; Mon, 27 Feb 2012 16:29:27 -0800 (PST)
Received-SPF: pass (google.com: domain of nangell@rsmart.com designates
 10.152.122.74 as permitted sender) client-ip=10.152.122.74;
Authentication-Results: mr.google.com;
 spf=pass (google.com: domain of nangell@rsmart.com designates 10.152.122.74
 as permitted sender) smtp.mail=nangell@rsmart.com
Received: from mr.google.com ([10.152.122.74])
        by 10.152.122.74 with SMTP id lq10mr15062349lab.7.1330388967104
 (num_hops = 1);
        Mon, 27 Feb 2012 16:29:27 -0800 (PST)
MIME-Version: 1.0
Received: by 10.152.122.74 with SMTP id lq10mr12534418lab.7.1330388966897;
 Mon, 27 Feb 2012 16:29:26 -0800 (PST)
Received: by 10.152.125.19 with HTTP; Mon, 27 Feb 2012 16:29:26 -0800 (PST)
In-Reply-To: 
 <CAH=Gj-n+onTrVLy=Qsa1av0qHqCf++oZAp7=fWBtu3m8BuX-yQ@mail.gmail.com>
References: 
 <CAK7GLAS20fYRa+MGG-chJXTL9du7Xhk263Ag4u-B-E__3Hnr5g@mail.gmail.com>
	<CAH=Gj-kGxcYokie23unS=6HjT9PiAbZdUKquXEFM4_3X9y5K-w@mail.gmail.com>
	<CAK7GLARnqhoCjW8dGoC+4MCgb9eUX+bXvncUSuo4GyEbXdWZ7w@mail.gmail.com>
	<CAH=Gj-nnQZ0HKP2UfCdcF-5gzOLgnV9qjqfzK=gQ6EM1L+aACQ@mail.gmail.com>
	<CAK7GLATOpqxc3JrBjvUpO-FOsiNBZHsapV==eCG0mUTO-yuPjQ@mail.gmail.com>
	<CAH=Gj-n+onTrVLy=Qsa1av0qHqCf++oZAp7=fWBtu3m8BuX-yQ@mail.gmail.com>
Date: Mon, 27 Feb 2012 16:29:26 -0800
Message-ID: 
 <CAK7GLAR2tMMUdPikh3QE1xtMFAdb4=jOi-hJnUND699iU0YJPw@mail.gmail.com>
Subject: Re: additional sudoers?
From: Nate Angell <nangell@rsmart.com>
To: users@sling.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: 
 ALoCoQn2j6TqagVXzbTOymBezdx5I+dB4pHrflsWbx5DDEVAtztVrMUSqZ06QemtXtj53HaZrjzX

To sudo, you authenticate as the "root" admin user and navigate to
something of the form as folows to sudo as, in this case, the user
"xolotl".

http://localhost:8080/?sudo=3Dxolotl

Which sets a cookie named "sling.sudo"

Name:	sling.sudo
Content:	"\"xolotl\""
Domain:	localhost
Path:	/
Send For:	Any kind of connection
Accessible to Script:	Yes
Created:	Monday, February 27, 2012 4:25:04 PM
Expires:	When I quit my browser

I originally discovered this method in some Sling documentation that
for some reason I'm now unable to find ;)

=3D nate

On Mon, Feb 27, 2012 at 2:04 PM, Ian Boston <ieb@tfd.co.uk> wrote:
> On 28 February 2012 05:27, Nate Angell <nangell@rsmart.com> wrote:
>> Thanks for helping think this through Ian...I certainly wouldn't
>> presume to tell you how the system you wrote behaves ;)
>
> hey, no problem. You must tell me how it behaves, most of the time it
> misbehaves :)
>
>>
>> My experiments show that when one impersonates a user, and then
>> creates a Sakai OAE doc while impersonating, the following values
>> associated with that document are aligned with the user being
>> impersonated (in this example the admin user was impersonating the
>> xolotl user):
>>
>> {
>> =A0 =A0"_created": 1330366895100,
>> =A0 =A0"_createdBy": "admin",
>> =A0 =A0"_id": "4YnjwGFvEeGYOZaTCgABEA+",
>> =A0 =A0"_lastModified": 1330366896495,
>> =A0 =A0"_lastModifiedBy": "xolotl",
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> That proves it works !
>
> Out of interest, how are you performing the sudo and what cookies do
> you see in the client once you have sudoed ?
>
> Ian