Re: shadow password

To: blasch@zid.tu-graz.ac.at (Helmuth Blasch)
Cc: endo@sb.net, kaneda@aic.net.au, debian-user@lists.debian.org
Subject: Re: shadow password
From: Roger Endo <endo@sb.net>
Date: Tue, 26 Nov 1996 22:16:28 -0800 (PST)
Message-id: <[🔎] 199611270616.WAA23159@sb.net>
In-reply-to: <[🔎] Pine.LNX.3.95.961126102525.16258A-100000@flinux.tu-graz.ac.at> from "Helmuth Blasch" at Nov 26, 96 10:49:50 am

> > > 
> > > root:x:0:root,"your loginname"
> > > ...
> > I don't like that.  It seems unsafe to me.  There's gotta be
> > a better solution
> > 
> > Currently, I am putting in special users in /etc/suauth
> > but I only know the syntax for making su ask for the current
> > users passwd, and not root's.  Would like to prompt it to
> > ask for root's password.  Workaround anyone?
> > 
> > Roger Endo                            
> 
> 
> yep, its safer to but the usernames in suauth
> 
> looks like (file /etc/suauth):
> 
> root:ALL EXCEPT login1,login2:DENY
> 
> or
> 
> root:ALL EXCEPT login1,login2,GROUP root:DENY
> 
> watch out! keyword GROUP let the parser know that all words behind GROUP
> are group names - only the ":" escapes.
> the examples let the users login1 and login2 and all users in group root
> (2nd examp.) to get root access by enter the roots password, all others
> will receive the message access denied.
> 
> root:login1:NOPASS
> root:login2:OWNPASS
> root:ALL EXCEPT login3:DENY
> 
> let the user login1 get root access without passwd
> the user login2 have to put in his own passwd and
> the user login3 have to use the root passwd all other user cant get in
> 
> so if you want the users login1 login2 and login3 to be promted for the
> root password you use:
> 
> root:ALL EXCEPT login1,login2,login3:DENY
> 
> hope that helps
> 
>                                                ciao Helmuth (irc: Pvppet)
> 
>  ______    Blasch Helmuth,    Graz University of Technology, Austria
>  \    /           Computing and Information Services Center 
>  L\in/uX   Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria
>    \/      Email: blasch@zid.tu-graz.ac.at  Tel.: + 43 316 873 6883 (FAX 7699)
> 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
> 
OK to chmod 640 suauth?  What other files in the debian distribution
in /etc can be made more unreadable by the world?  Seems like a shell
user can learn a lot by snooping around in /etc (i.e hosts.deny, hosts.allow)

Thanks,
Roger

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Roger Endo                            
President, Warp 9 Technologies LLC
SBnet, Internet for Santa Barbara
endo@sb.net
805-961-0150
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Re: shadow password
  - From: Helmuth Blasch <blasch@zid.tu-graz.ac.at>

Prev by Date: Re: soft windows
Next by Date: Posting rejected - please read and agree to mailing list rules. (fwd)
Previous by thread: Re: shadow password
Next by thread: Xbase Installation Problems
Index(es):
- Date
- Thread