[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shadow passwords and 1.3

Stuart Lamble:
> Galen Hazelwood <galenh@micron.net> wrote:
> >Either I remove su from shellutils, or I compile GNU su to work with
> >shadow, which makes shadow-su obsolete.  I really feel the latter

Better, create a separate small gnu-su binary package (also containing
the GNU su man page).  It would conflict and replace shadow-su, and
vice versa (maybe there should be a new "su" virtual package?).

GNU su already works fine with both shadow and non-shadow passwords, no
need to recompile it for that - autoconf finds getspnam() in libc, and
does the right thing.  BTW, here is a quick way to check if a binary
supports shadow passwords:

$ objdump --dynamic-syms /bin/su | grep getspnam
08000b78      DF *UND*  0000006d getspnam

(if there is no output, the program most likely doesn't support shadow
passwords - unless it reads /etc/shadow by hand like sulogin does, or it
was statically linked with libshadow.a, but that is not recommended now
that getspnam() is in libc).

> >is the better solution, unless shadow-su comes with really cool
> >features which GNU su lacks.  The su manpage and info documentation
> As I understand it, shadow-su only allows a user to su to root if s/he
> is a member of the root (or would it be wheel?) group (gid 0). GNU su

You can configure much more than that, using the new /etc/suauth access
control file.  See suauth(5) for details.

> sleep 28800 &
> and keep on working... :-)

Yup :-).


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: