why does redhat not make ksu setuid root?
bbense+comp.protocols.kerberos.Jul.22.02@telemark.stanford.edu
bbense+comp.protocols.kerberos.Jul.22.02 at telemark.stanford.edu
Mon Jul 22 10:32:48 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
In article <Pine.LNX.4.44.0207211444340.853-100000 at devserv.devel.redhat.com>,
Elliot Lee <sopwith at redhat.com> wrote:
>> Avery> Why would redhat make ksu (at least in the 7.2 distro)
>> Avery> _not_ setuid root? kinda pointless for root to be the only
>> Avery> user who can ksu.
>
>The "right" solution would probably be to have a PAM module that su uses
>to check ~targetuser/.k5users, similar to the PAM module that does
>~targetuser/.rhosts checking for rlogin/rsh.
>
- - ksu does a lot more than su, you can use it as replacement for
sudo if you are sufficiently motivated. I'm not sure PAM is
sufficiently flexible enough to support these added features.
( Basically, you need to pass argc,argv down to the pam
routine. )
- - Booker C. Bense
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPTwXjgD83u1ILnWNAQG3RAQAuN7tV+V62gPW6c5FSxpSG9kT7ji1jEe5
5Z1f1luCK7b7VrcgMNRXuthCBjRy1f+Wr+UqReatnk6Tyvw5inLis8bhJzySzFIC
L0qrs7yu8UoQoUhIhrHPBKDntmsxEDtwVp+Mv64W2SvEE5hrnUHt6KlkzvmXBe9O
cJldQh++YFM=
=p4uU
-----END PGP SIGNATURE-----
--
More information about the Kerberos
mailing list