want to restrict root to su only

William E. Davidsen Jr davidsen at steinmetz.ge.com
Sat Jul 16 02:20:08 AEST 1988


In article <7285 at hqda-ai.ARPA> jay at hqda-ai.ARPA (Jay Hiser) writes:
| 
| As delivered by CCI and used by my predecessors for years, my hosts
| allow root to login directly.  Politics prevent me from limiting
| access to the root password as much as I'd like, but I can get away
| with making them use su only (they probably don't even know about the
| su.log :) ).  Unfortunately, I don't have access to the source for
| login.  My sys uses System V Rev 2 (CCI 2.22).  Root currently uses
| sh, since I'm the only one who knows csh (no ksh yet).

Suggestion: use this complex program as the login shell for root:

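	#include <stdio.h>
	#include <stdlib.h>	/* exit() */
	#include <unistd.h>	/* sleep() */

	/* Login shell for root: print a notice and refuse the session. */
	int main(void) {
	  fprintf(stderr, "Use your login and 'su' to root\n");
	  sleep(2);	/* leave the notice visible before the line drops */
	  exit(1);
	}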

This will keep anyone from using the root login, and thereby force them
to do "su" into it. Some systems will use the login shell even when
doing "su root" rather than "su - root", but most of these have the
logname() call to allow checking on the original username. You could
also check wtmp if you need to get fancy.
-- 
	bill davidsen		(wedu at ge-crd.arpa)
  {uunet | philabs | seismo}!steinmetz!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me
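
The variant the reply describes for systems where plain "su root" also runs root's login shell, as an added example that is not part of the original post: root's login shell checks the original login name and hands out a real shell only when that name is not root. It uses POSIX getlogin() in place of the logname() call the post mentions; the /bin/sh path and the function name allow_root_shell are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REAL_SHELL "/bin/sh"	/* assumption: the shell root gets after su */

/*
 * Decide from the session's original login name whether to hand out a shell.
 * Fails closed: a missing or empty name (no utmp entry, no controlling
 * terminal) is treated the same as a direct root login.
 */
int allow_root_shell(const char *login_name)
{
	if (login_name == NULL || login_name[0] == '\0')
		return 0;
	if (strcmp(login_name, "root") == 0)
		return 0;	/* logged in directly as root */
	return 1;		/* logged in under another name, then used su */
}

int main(int argc, char **argv)
{
	/* getlogin() reports the name recorded for the terminal at login,
	 * which su does not change; it is not derived from the current uid. */
	const char *who = getlogin();

	(void)argc;
	if (allow_root_shell(who)) {
		/* Pass su's arguments (for example "-c command") through. */
		execv(REAL_SHELL, argv);
		perror(REAL_SHELL);	/* only reached if execv failed */
		return 1;
	}
	fprintf(stderr, "Use your login and 'su' to root\n");
	sleep(2);
	return 1;
}
```
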


