su modifications posted to net.sources

gamiddleton at watmath.UUCP gamiddleton at watmath.UUCP
Tue Feb 17 18:27:32 AEST 1987


In article <1599 at mordor.s1.gov> jdb at mordor.UUCP (John Bruner) writes:
> In general, you do NOT want "su" to search an "/etc/su_people".
> Having such a file multiplies the number of accounts which must
> be secured against intrusion.  It is difficult enough to protect
> one account (root).  With N entries in "/etc/su_people" there are
> (effectively) N root accounts which can be attacked.  It is much
> harder to protect N passwords, N accounts' files, etc. than it is
> to protect a single root password and the system directories.

We have made similar modifications to SU here, except that everybody in
/etc/super-users (our name for the file) has their OWN password, and root
itself usually has no password.  So to become root, you now have to know
two passwords: that of somebody in /etc/super-users, and their (private)
root password.

 -Guy Middleton, University of Waterloo MFCF/ICR, gamiddleton at watmath



More information about the Comp.unix.questions mailing list