Date sent: 4-AUG-1995 11:18:28
Hola!
I have good news. This works BEAUTIFULLY!!! My GREATEST, GREATEST, GREATEST
thanks to David Roberts (Perl EXPERT!!!! -- wonderful guy!). He provided me
with the following code. He was extremely helpful in assisting me with my
problem. He wrote this code as a result of me asking my question -- boy, did I
feel special!!! :) He even helped me troubleshoot problems I had with the
original code. And he was sooo generous as to let me post it as a SUMMARY to my
question. So, here's what you have to do to use his code. Just download it
onto your system, make the file executable by everyone, put in the names of the
people you want to be able to "su" to root, copy the original "su" command
(/bin/su) to /bin/su.real (you may also have one in /sbin/su). Make sure that
these files maintain the setuid bit. In addition, you will have to copy this
file to the /bin/su (and possibly the /sbin/su) directory (depending on how your
path is setup).
So, in short, all you have to do is the following:
** make sure you have a copy of perl on your system. If not, you may obtain a
tarred version at prep.ai.mit.edu via anonymous ftp.
1) download this file
2) edit this file to contain the names of the users you want to be able to
"su" to root. (auth_users)
3) chmod 755 this_file
4) cp /bin/su /bin/su.real
AND/OR
cp /sbin/su /sbin/su.real
5) cp this_file /bin/su
AND/OR
cp this_file /sbin/su
Again, thanks David!!
************************************************************************
** Debbie Jordan **
** UNIX Systems/Network Administrator/Systems Programmer **
** Advance, Inc. (Naval Surface Warfare Center - Dahlgren Division) **
** P.O. Box 1870 **
** Dahlgren, VA 22448 **
** Internet: djordan@relay.nswc.navy.mil **
** Office: (540) 653-8705 **
** Fax: (540) 653-1810 **
************************************************************************
>--- snip, snip ---
>#!/usr/local/bin/perl
>
>@auth_users = ('jjtwilbe', 'dgrobe1'); # Authorized root users
>$su = "/bin/su.real"; # The real su (not world executable)
>$user = `whoami`; # Current users
>chop($user); # Get rid of pesky newline
>
>while ( $_ = $ARGV[0]) { # Parse the command line
> shift;
> if (/^-/ ) { $get_env = $_ }
> elsif (/[a-zA-Z]*/) { $acct = $_ }
>}
>
>if (!$acct) { # If $acct is undef su to root
> if (grep(/$user/, @auth_users)) { exec("$su $get_env") }
> else { print "su: Sorry\n" }
>} else { exec("$su $get_env $acct") }
>--- snip, snip ---
>
>
> =<David Roberts>====================== _ \== \== |== /== ___/== /==
> =<dgrobe1@esusda.gov>================= /== /= /= /== |= /== /===== /==
> =<Systems Support Alternatives>======= /== /= __ /=== | /== __/===_/==
>=<UNIX System Administrator>========== /== /= /== /==== /== /=========
> _____/ _/ _/ _/ ____/ _/
>
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:30 CDT