id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
115	actively break sudo for users who aren't supposed to	geofft		"PAM is a good choice here.

So is replacing our uses of sudo internally (like LDAP backups from the scripts locker) with setuid wrappers, and making sudo not setuid a la Linerva. We know what's in /etc/sudoers, so we can do this."	defect	closed	major		internals	fixed