
Re: Shadow passwords and GNU su



> packages which support shadow passwords. I have found the following
> packages need 'shadowizing':-
> 
> 	ssh (Hmmm... this is in Debian-non-US, and still needs to work
> 		with Debian 1.1/1.2)

I think there's a shadow ssh on
ftp://serek.arch.pwr.wroc.pl/pub/shadow/debian/ 
Can't log in to that ftp server to check right now.

> Secondly, what do we do with GNU su and shadow passwords? Since GNU su
> supports shadow passwords, but is not as secure as the su which is part of
> the shadow suite, it could become an undesirable security hole (someone
> wants to do a 'su', but is not in group 'root', so they just run
> '/sbin/gnu-su' instead).
> 
> If we are going to move to shadow ASAP, I will upload the next shellutils
> without the GNU su binary.

Though gnu su isn't as secure, I _hate_ the su that comes with shadow. It
has a very different behavior than gnu su if you don't request that the
shell it gives you is a login shell. With gnu su, the HOME variable is
changed to point to the new user's home directory. With shadow su, it is
not. When I was using shadow su, I quickly got tired of su'ing to root and
then having programs deposit dotfiles in the home directory of the user I
su'd from. Sure, I could use su - to get a login shell and HOME would be
changed, but I typically want PWD to stay the same when I su.

Could there be a gnu-su package, for people like me who can't live without
it?

-- 
#!/usr/bin/perl -i=-/*/~%*~%/~~%/~~~-/*/_/=~~~-/====~~! # jeh22@cornell.edu
$o=35;$_="$^I-*!=====_!/";s/~/!*/g;s~%~-/ / ~g;$_.='---      Joey Hess
';s/=/__/g;y|*!| \\|;for(split/-/){print' 'x$o--."$_\n"}# a M.C. Escher fan

