Re: shadow password
On Mon, 25 Nov 1996, Roger Endo wrote:
> > On Tue, 26 Nov 1996, Fundamental wrote:
> >
> > > I recently intsalled the shadow password packages to my system, everything
> > > seems to be going well accept for one minor hassle, my "normal" account cant
> > > become super-user. When i try i get the message that i do not have
> > > permission to do so. How do i get the permission?
> >
> > you have to be in group root
> >
> > file group:
> >
> > root:x:0:root,"your loginname"
> > ...
> I don't like that. It seems unsafe to me. There's gotta be
> a better solution
>
> Currently, I am putting in special users in /etc/suauth
> but I only know the syntax for making su ask for the current
> users passwd, and not root's. Would like to prompt it to
> ask for root's password. Workaround anyone?
>
> Roger Endo
yep, its safer to but the usernames in suauth
looks like (file /etc/suauth):
root:ALL EXCEPT login1,login2:DENY
or
root:ALL EXCEPT login1,login2,GROUP root:DENY
watch out! keyword GROUP let the parser know that all words behind GROUP
are group names - only the ":" escapes.
the examples let the users login1 and login2 and all users in group root
(2nd examp.) to get root access by enter the roots password, all others
will receive the message access denied.
root:login1:NOPASS
root:login2:OWNPASS
root:ALL EXCEPT login3:DENY
let the user login1 get root access without passwd
the user login2 have to put in his own passwd and
the user login3 have to use the root passwd all other user cant get in
so if you want the users login1 login2 and login3 to be promted for the
root password you use:
root:ALL EXCEPT login1,login2,login3:DENY
hope that helps
ciao Helmuth (irc: Pvppet)
______ Blasch Helmuth, Graz University of Technology, Austria
\ / Computing and Information Services Center
L\in/uX Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria
\/ Email: blasch@zid.tu-graz.ac.at Tel.: + 43 316 873 6883 (FAX 7699)
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: