Re: Shadow passwords and 1.3
Stuart Lamble:
> Galen Hazelwood <galenh@micron.net> wrote:
> >Either I remove su from shellutils, or I compile GNU su to work with
> >shadow, which makes shadow-su obsolete. I really feel the latter
Better, create a separate small gnu-su binary package (also containing
the GNU su man page). It would conflict and replace shadow-su, and
vice versa (maybe there should be a new "su" virtual package?).
GNU su already works fine with both shadow and non-shadow passwords, no
need to recompile it for that - autoconf finds getspnam() in libc, and
does the right thing. BTW, here is a quick way to check if a binary
supports shadow passwords:
$ objdump --dynamic-syms /bin/su | grep getspnam
08000b78 DF *UND* 0000006d getspnam
$
(if there is no output, the program most likely doesn't support shadow
passwords - unless it reads /etc/shadow by hand like sulogin does, or it
was statically linked with libshadow.a, but that is not recommended now
that getspnam() is in libc).
> >is the better solution, unless shadow-su comes with really cool
> >features which GNU su lacks. The su manpage and info documentation
>
> As I understand it, shadow-su only allows a user to su to root if s/he
> is a member of the root (or would it be wheel?) group (gid 0). GNU su
You can configure much more than that, using the new /etc/suauth access
control file. See suauth(5) for details.
> sleep 28800 &
>
> and keep on working... :-)
Yup :-).
Marek
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: