2002-10-06 23:47, Todd Flinders writes:
> That was an active philosophical decision to not implement the GNU su that
> way. According to Free as In Freedom, Stallman had many ethical problems
> with the password implementation. The weakened security of su was
> intentional.
>
> You'd think there'd be a wheel-style su for GNU/Linux on Sourceforge
> somewhere, but I don't know.
>
> > Dave,
> >
> > Does have advantages, I just wish I could set Linux up to do su like
> > FreeBSD does. ONLY the users put into group wheel can su to root.
> > period. access to files is determined by the groups you are in. If
> > www is the group for your web server and you aren't in www you can't see
> > or change those files... Makes group management a bit more tricky and
> > probably isn't very user friendly for a desktop. But on a server with
> > 100's of users limiting those who can go to root to 1 or 2 makes
> > security a lot easier to manage.
> >
> > James

James,

You may want to try mseclib(3)'s enable_pam_wheel_for_su() function. By
default, only msec security level 5 (paranoid level) enables it. But you can
add it to /etc/security/msec/level.local no matter what your current level
is, e.g.

    from mseclib import *
    enable_pam_wheel_for_su(1)

Add the authorized users into wheel group, and then rerun
'msec <the_level_you_want>' to enable it.

Does it work as FreeBSD? Please let me know.

--KhoGuan Phuann
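
Added example, not part of the original thread and not msec's own code: a shell check that su really is limited to group wheel after rerunning msec. It assumes the restriction shows up as an auth line for pam_wheel.so in /etc/pam.d/su; the sample files and the accounts alice and bob are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit that su is limited to group wheel.
# Assumption: the restriction is an auth line for pam_wheel.so in /etc/pam.d/su.

# Succeeds only if an uncommented auth line loads pam_wheel.so with control
# "required" or "requisite" and without "deny" (which would invert the check).
pam_wheel_enforced() {
    awk '$1 ~ /^#/ { next }
         $1 == "auth" && ($2 == "required" || $2 == "requisite") && $3 ~ /pam_wheel\.so$/ {
             deny = 0
             for (i = 4; i <= NF; i++) if ($i == "deny") deny = 1
             if (!deny) ok = 1
         }
         END { exit ok ? 0 : 1 }' "${1:-/etc/pam.d/su}"
}

# Prints wheel members: names listed in the group file plus any account whose
# primary GID is wheel's, since both count as membership.
wheel_members() {
    grp=${1:-/etc/group}; pw=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "wheel" { print $3 }' "$grp")
    {
        awk -F: '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$grp"
        if [ -n "$gid" ]; then awk -F: -v g="$gid" '$4 == g { print $1 }' "$pw"; fi
    } | sed '/^$/d' | sort -u
}

# Reports the result; returns 0 = enforced, 1 = not enforced, 2 = wheel empty.
audit_su() {
    if ! pam_wheel_enforced "${1:-/etc/pam.d/su}"; then
        echo "FAIL: su is not restricted by pam_wheel"; return 1
    fi
    members=$(wheel_members "${2:-/etc/group}" "${3:-/etc/passwd}" | tr '\n' ' ')
    if [ -z "$members" ]; then
        echo "WARN: pam_wheel is enforced but wheel has no members"; return 2
    fi
    echo "OK: su limited to: $members"
}

# Constructed sample files, so the demo runs without touching the real system.
demo=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_rootok.so' \
    'auth required pam_wheel.so use_uid' 'auth required pam_unix.so' > "$demo/su"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,alice' 'www:x:48:' > "$demo/group"
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:500:500::/home/alice:/bin/sh' \
    'bob:x:501:10::/home/bob:/bin/sh' > "$demo/passwd"
audit_su "$demo/su" "$demo/group" "$demo/passwd"
```

Calling audit_su with no arguments checks the live /etc/pam.d/su, /etc/group and /etc/passwd instead of the sample copies.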
