Path: utzoo!utgpu!watserv1!watmath!att!rutgers!cs.utexas.edu!sdd.hp.com!samsung!umich!vela!schemers From: schemers@vela.acs.oakland.edu (Roland Schemers III) Newsgroups: comp.unix.ultrix Subject: Re: ultrix 4.0 enhanced security Message-ID: <2818@vela.acs.oakland.edu> Date: 31 Aug 90 18:45:18 GMT References: <9008300308.AA06175@garnet.berkeley.edu> <1990Aug30.094913@decuac.DEC.COM> Reply-To: schemers@vela.acs.oakland.edu (Roland Schemers III) Organization: Oakland University, Rochester MI Lines: 29 In article rusty@garnet.berkeley.edu (rusty wright) writes: >I still can't get su to work with DECwindows; I downgraded the system >to UPGRADE level by editing the svc.conf file (as suggested by a >posting from a DEC employee) and it still complains about 'not a I remember reading in the 4.0 docs that su will ony work from a secure line in UPGRADE or SECURE mode. Its in Section 3.1.2.2 in the System Management Volume 1. If you want su to work in UPGRADE or SECURE mode then you should set the lines as secure in /etc/ttys. Of course this opens up a HUGE security hole. If you must run in UPGRADE or SECURE mode and use the su commmand, then you could always write your own modified version of 'su' and install it. This of course could be another huge security hole. I think they should have left su the way it was. Making it work only from a secure line in UPGRADE or EHANCED mode is a hassle. The way I have been doing it on campus (with Ultrix 3.1) is to make the su command executable only from the system group. Then only people in the system group can execute su. I feel normal users shouldn't have to use su anyways. They can just logout and log back in. We are currently running 4.0 in BSD mode, so we haven't run into this problem yet. Roland -- Roland J. Schemers III Systems Programmer schemers@vela.acs.oakland.edu (Ultrix) Oakland University schemers@argo.acs.oakland.edu (VMS) Rochester, MI 48309-4401 "Get off your LEF and do something!" (313)-370-4323