su modifications posted to net.sources
gamiddleton at watmath.UUCP
Tue Feb 17 18:27:32 AEST 1987
In article <1599 at mordor.s1.gov> jdb at mordor.UUCP (John Bruner) writes:
> In general, you do NOT want "su" to search an "/etc/su_people".
> Having such a file multiplies the number of accounts which must
> be secured against intrusion. It is difficult enough to protect
> one account (root). With N entries in "/etc/su_people" there are
> (effectively) N root accounts which can be attacked. It is much
> harder to protect N passwords, N accounts' files, etc. than it is
> to protect a single root password and the system directories.
We have made similar modifications to SU here, except that everybody in
/etc/super-users (our name for the file) has their OWN password, and root
itself usually has no password. So to become root, you now have to know
two passwords: that of somebody in /etc/super-users, and their (private)
root password.
-Guy Middleton, University of Waterloo MFCF/ICR, gamiddleton at watmath
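
The per-user root password check described in the post above, sketched as an added example that is not part of the original post or of the Waterloo su source. The file format (`user:salt_hex:hash_hex`), the PBKDF2 hashing, and all function and account names are assumptions; the post does not describe them.

```python
import hashlib
import hmac

def hash_pw(password, salt):
    # PBKDF2 is an assumption; the post does not say how passwords were stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def parse_super_users(text):
    """Parse assumed 'user:salt_hex:hash_hex' lines; ignore malformed ones."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3 or not parts[0]:
            continue  # fail closed: a bad line grants nothing
        try:
            entries[parts[0]] = (bytes.fromhex(parts[1]), parts[2])
        except ValueError:
            continue
    return entries

_DUMMY = (b"\x00" * 16, "0" * 64)  # unlisted users still cost one hash

def may_become_root(entries, invoking_user, supplied_password):
    """invoking_user is the already-logged-in account (first password);
    supplied_password is that person's private root password (second)."""
    salt, expected = entries.get(invoking_user, _DUMMY)
    candidate = hash_pw(supplied_password, salt)
    match = hmac.compare_digest(candidate.encode(), expected.encode())
    return match and invoking_user in entries

def make_entry(user, password, salt):
    return f"{user}:{salt.hex()}:{hash_pw(password, salt)}"

# Constructed sample file contents (fixed salts only to keep the demo repeatable).
SAMPLE = "\n".join([
    "# hypothetical /etc/super-users",
    make_entry("alice", "alice-root-pw", b"A" * 16),
    make_entry("bob", "bob-root-pw", b"B" * 16),
    "mallory:not-hex:00",
])

if __name__ == "__main__":
    users = parse_super_users(SAMPLE)
    for who, pw in [("alice", "alice-root-pw"), ("alice", "bob-root-pw"), ("carol", "x")]:
        print(who, may_become_root(users, who, pw))
```

Because each entry carries its own secret, deleting one line withdraws one person's access without changing anyone else's password.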