[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shadow password

On Mon, 25 Nov 1996, Roger Endo wrote:
> > On Tue, 26 Nov 1996, Fundamental wrote:
> > 
> > > I recently intsalled the shadow password packages to my system, everything
> > > seems to be going well accept for one minor hassle, my "normal" account cant
> > > become super-user.  When i try i get the message that i do not have
> > > permission to do so.  How do i get the permission?
> > 
> > you have to be in group root
> > 
> > file group:
> > 
> > root:x:0:root,"your loginname"
> > ...
> I don't like that.  It seems unsafe to me.  There's gotta be
> a better solution
> Currently, I am putting in special users in /etc/suauth
> but I only know the syntax for making su ask for the current
> users passwd, and not root's.  Would like to prompt it to
> ask for root's password.  Workaround anyone?
> Roger Endo                            

yep, its safer to but the usernames in suauth

looks like (file /etc/suauth):

root:ALL EXCEPT login1,login2:DENY


root:ALL EXCEPT login1,login2,GROUP root:DENY

watch out! keyword GROUP let the parser know that all words behind GROUP
are group names - only the ":" escapes.
the examples let the users login1 and login2 and all users in group root
(2nd examp.) to get root access by enter the roots password, all others
will receive the message access denied.

root:ALL EXCEPT login3:DENY

let the user login1 get root access without passwd
the user login2 have to put in his own passwd and
the user login3 have to use the root passwd all other user cant get in

so if you want the users login1 login2 and login3 to be promted for the
root password you use:

root:ALL EXCEPT login1,login2,login3:DENY

hope that helps

                                               ciao Helmuth (irc: Pvppet)

 ______    Blasch Helmuth,    Graz University of Technology, Austria
 \    /           Computing and Information Services Center 
 L\in/uX   Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria
   \/      Email: blasch@zid.tu-graz.ac.at  Tel.: + 43 316 873 6883 (FAX 7699)

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: