why does redhat not make ksu setuid root?
Jacques A. Vidrine
nectar at FreeBSD.org
Wed Jul 24 14:21:41 EDT 2002
On Sun, Jul 21, 2002 at 02:47:38PM -0400, Elliot Lee wrote:
> > Avery> Why would redhat make ksu (at least in the 7.2 distro)
> > Avery> _not_ setuid root? kinda pointless for root to be the only
> > Avery> user who can ksu.
>
> The "right" solution would probably be to have a PAM module that su uses
> to check ~targetuser/.k5users, similar to the PAM module that does
> ~targetuser/.rhosts checking for rlogin/rsh.
>
> Just in case someone is bored enough to write code ;-)
See
<URL:http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_ksu/>.
It is probably tightly coupled with FreeBSD's PAM and SU
implementations.
Cheers,
--
Jacques A. Vidrine <n at nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
More information about the Kerberos
mailing list