SUMMARY: Disabling su

From: Dave Roberts (djr@saa-cons.co.uk)
Date: Thu May 30 1996 - 07:50:33 CDT


-- Oringinal query snippet --
> There are a number of "accounts" on my system which everyone needs access
> to, therefore the password is known by all. These accounts though, run a
> menu from the .profile. What I want to do is stop people su'ing to
> these accounts, therefore by-passing the menu... but at the same time
> allow them to su to other accounts.
-- END --

Thanks to: Gene Rackow <rackow@mcs.anl.gov>, Matt Hill
<MHILL@graver.com>, George Goffe <grgoffe@alexandria.arc.nasa.gov>, Kevin
Lyda <kevin@NDA.COM>, Dale Gilmore <sgccdmg@citec.qld.gov.au>,
mattb@deakin.edu.au.

Differing viewpoints, but essentially there is no users attribute to set
for this kind of feature.

Hacks included sudo, su2 and something proprietary soon to be released.

Think I'll have to go back to my original plan (which I didn't wanna do),
and hack the sources for BSD's su to look at a file similar to
cron.deny. In the meantime, I've changed the permissions on su, so that
no-one can execute apart from root.

Dave Roberts | "Surfing the Internet" is a sad term for sad people.
Unix Systems Admin | Get a board, find a beach, surf some REAL waves and
SAA Consultants Ltd | get a *real* life.
Plymouth, U.K. | -=[For PGP Key, send mail with subject of "get pgp"]=-



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:00 CDT