On 13-Mar-99 [EMAIL PROTECTED] wrote: > Andrew, > > You are right. Perhaps I shouldn't have sent the manpage. The su from > the shadow package included in slackware obeys /etc/suauth. The su from > gnu sh-utils included with RedHat, and, at a guess, Debian, pays no > attention to it. (Debian seems to me to be a slackwareish RedHat, not a > bad thing.) I installed the SRPM and built it, just to see what it > would do. You will have to make up your own mind whether it is better > security to require every user who needs root privilege to know the root > password, or to allow specific users root privilege. I could live with > either approach. :-). If you want su to obey suauth, you can use the > shadow package from slakckware (but it doesn't use PAM), or you can > probably find the original on sunsite/metalab. I'm not sure how Debian > is packaged, but you can probably find patches that could be adjusted to > make shadow use PAM; in fact I think the newest shadow package does, if > you configure it to. Perhaps by now you are sorry you asked. :-) > What I did is make 'su' executable only by root.wheel and that seems to work. -- Andrew *happiness is a clean pond* [PGP5.0 KeyID 0x5EE61C37]
