Path: utzoo!utgpu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!lll-winken!uunet!zephyr.ens.tek.com!tektronix!percy!m2xenix!quagga!proxima!frcs!paul
From: paul@frcs.UUCP (Paul Nash)
Newsgroups: alt.sources.d
Subject: Re: sux, an enhancer for su
Message-ID: <478@frcs.UUCP>
Date: 27 Apr 91 07:27:39 GMT
References: <462@frcs.UUCP> <7WYA.A2@xds13.ferranti.com>
Organization: Free Range Computer Systems CC
Lines: 30

Thus spake Peter da Silva (and many, many others):
>
> In article <462@frcs.UUCP> paul@frcs.UUCP (Paul Nash) writes:
> > I recently hacked up a fairly trivial enhancer for `su', that allows
> > members of group `wheel' to su at will _without_ needing the root
> > password.
>
> Can you say security problem? I knew you could. My boss did something
> like this until I talked him out of it.

Yes, this is a security problem. However, I run a one-man-band, and
have an office 10 miles outside town. For my applications, I am far,
far happier to give a cracker 5 or 6 ids that s/he can attack than
have to type a long-winded root password every time I need to become
root.

I also run a local not-quite-pubnix machine, that about 6 people
scattered around the country need root access to from time to time.
I prefer giving them `sux' to handing out the root password.

Sure, it's not all things to all men. For people like me, though, it
is just great. I know of about 8 people who view this as the answer
to their problems.

If you want security, however, remove _all_ setuid programs, and make
root NOLOGIN. Oh, also turn off the power, just in case.

---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---
Paul Nash                         Free Range Computer Systems cc
paul@frcs.UUCP                    ...!uunet!m2xenix!frcs!paul