[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Uninstallable Packages

On Thu, 7 Oct 1999, Roland Rosenfeld wrote:

> On Thu, 07 Oct 1999, Kurt D. Starsinic wrote:
> >     secure-su is also uninstallable.
> As far as I can see, secure-su is no longer available in potato.  It
> is replaced by the login package (including /bin/su) which is now
> linked with PAM and this behaves like the secure-su if you activate
> the line
> auth       required   pam_wheel.so
> in /etc/pam.d/su.

Alas, the pam_wheel module is not nearly as flexible as secure-su is. So,
I would argue there is no real replacement for secure-su.

- pam_wheel lets you specify which users are allowed to su to root and
  whether they need a password to do this or not.

- secure-su lets you specify which users are allowed to su to which other
  users and which of those users needs a password to do this. Take a look
  at suauth(5) (in the secure-su package). root is always allowed to su to
  another user without a password.

I have had a setup where the user 'news' has no valid password, yet there
was one user (the news administrator) that could su to news without typing
a password. No need to remember yet another password, no need to su to
root first. With the latest potato packages, this is no longer possible
(if it is, please tell me so).

rd1936: 12:15am  up 16 days,  4:05,  8 users,  load average: 4.81, 4.68, 4.00

Reply to: