Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: $Revision: 1.6.2.16 $; site ISM780B.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!decvax!yale!ISM780B!tim
From: tim@ISM780B.UUCP
Newsgroups: net.unix
Subject: Re: Automatic root login
Message-ID: <28400006@ISM780B.UUCP>
Date: Wed, 27-Nov-85 17:49:00 EST
Article-I.D.: ISM780B.28400006
Posted: Wed Nov 27 17:49:00 1985
Date-Received: Sat, 30-Nov-85 06:42:43 EST
References: <306@spock.UUCP>
Lines: 29
Nf-ID: #R:spock:-30600:ISM780B:28400006:000:1152
Nf-From: ISM780B!tim Nov 27 17:49:00 1985

For a while one place I was at did the following:

There was a file that contained names of people who were allowed to be root, and encrypted passwords for each person. To become root you run a program, 'nsu', which has the same user interface as 'su' (and much of the same insides...), which checks to see if you are in the file, and you know the password in the file.

There is a program, 'npasswd', which changes your password in the previously mentioned file.

Each person who could become root would have a different password for 'nsu'ing. So to break into root, one would have to both get on the account of someone who was allowed to 'nsu', and know that person's 'nsu' password. It would be easy for it to ask also for the password of the person trying to 'nsu', so that they must know both passwords, instead of just watching you 'nsu' once, and waiting for you to leave a terminal unattended.

Also, if you decide to take root access away from someone, you can simply remove them from the file. You don't have the hassle of telling everyone else the new root password.

Tim Smith	ima!ism780!tim	ihnp4!cithep!tim
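
The scheme described in the post above, as an added example (not part of the original post, and not the real 'nsu' or 'npasswd' code): a Python model of the per-person root file with its check, password change and revocation, including the post's suggestion of also asking for the user's own login password. The "name:salt$hash" file format, the PBKDF2 hashing, the login_db stand-in for the system password database and the sample users are assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_pw(password, salt=None):
    """Return 'salthex$hashhex' for one file entry (format is an assumption)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"

def verify_pw(password, stored):
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison

def parse_admin_file(text):
    """Parse 'name:entry' lines; blank lines and '#' comments are skipped."""
    admins = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, stored = line.partition(":")
            admins[name] = stored
    return admins

# Verified against when the user is unknown, so a missing entry costs the
# same time as a wrong password and does not reveal who is in the file.
DUMMY = hash_pw("placeholder")

def nsu_allowed(user, nsu_pw, login_pw, admins, login_db):
    """Grant root only if the user is listed AND knows both passwords."""
    stored = admins.get(user)
    ok_nsu = verify_pw(nsu_pw, stored or DUMMY) and stored is not None
    ok_login = verify_pw(login_pw, login_db.get(user, DUMMY)) and user in login_db
    return ok_nsu and ok_login

def npasswd(user, old_pw, new_pw, admins):
    """Change one person's nsu password; nobody else's entry is touched."""
    if user not in admins or not verify_pw(old_pw, admins[user]):
        return False
    admins[user] = hash_pw(new_pw)
    return True

def revoke(user, admins):
    """Remove root access for one person; other entries stay valid."""
    return admins.pop(user, None) is not None
```
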