Re: shadow password
> > >
> > > root:x:0:root,"your loginname"
> > > ...
> > I don't like that. It seems unsafe to me. There's gotta be
> > a better solution
> >
> > Currently, I am putting in special users in /etc/suauth
> > but I only know the syntax for making su ask for the current
> > users passwd, and not root's. Would like to prompt it to
> > ask for root's password. Workaround anyone?
> >
> > Roger Endo
>
>
> yep, its safer to but the usernames in suauth
>
> looks like (file /etc/suauth):
>
> root:ALL EXCEPT login1,login2:DENY
>
> or
>
> root:ALL EXCEPT login1,login2,GROUP root:DENY
>
> watch out! keyword GROUP let the parser know that all words behind GROUP
> are group names - only the ":" escapes.
> the examples let the users login1 and login2 and all users in group root
> (2nd examp.) to get root access by enter the roots password, all others
> will receive the message access denied.
>
> root:login1:NOPASS
> root:login2:OWNPASS
> root:ALL EXCEPT login3:DENY
>
> let the user login1 get root access without passwd
> the user login2 have to put in his own passwd and
> the user login3 have to use the root passwd all other user cant get in
>
> so if you want the users login1 login2 and login3 to be promted for the
> root password you use:
>
> root:ALL EXCEPT login1,login2,login3:DENY
>
> hope that helps
>
> ciao Helmuth (irc: Pvppet)
>
> ______ Blasch Helmuth, Graz University of Technology, Austria
> \ / Computing and Information Services Center
> L\in/uX Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria
> \/ Email: blasch@zid.tu-graz.ac.at Tel.: + 43 316 873 6883 (FAX 7699)
>
>
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
>
OK to chmod 640 suauth? What other files in the debian distribution
in /etc can be made more unreadable by the world? Seems like a shell
user can learn a lot by snooping around in /etc (i.e hosts.deny, hosts.allow)
Thanks,
Roger
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Roger Endo
President, Warp 9 Technologies LLC
SBnet, Internet for Santa Barbara
endo@sb.net
805-961-0150
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: