Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!gamiddleton
From: gamiddleton@watmath.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions,comp.bugs.4bsd
Subject: Re: su modifications posted to net.sources
Message-ID: <5162@watmath.UUCP>
Date: Tue, 17-Feb-87 03:27:32 EST
Article-I.D.: watmath.5162
Posted: Tue Feb 17 03:27:32 1987
Date-Received: Tue, 17-Feb-87 19:15:20 EST
References: <160@quacky.mips.UUCP> <1599@mordor.s1.gov>
Reply-To: gamiddleton@watmath.UUCP (Guy Middleton)
Organization: University of Waterloo Institute for Computer Research
Lines: 16
Xref: watmath comp.unix.wizards:987 comp.unix.questions:1055 comp.bugs.4bsd:183

In article <1599@mordor.s1.gov> jdb@mordor.UUCP (John Bruner) writes:
> In general, you do NOT want "su" to search an "/etc/su_people".
> Having such a file multiplies the number of accounts which must
> be secured against intrusion. It is difficult enough to protect
> one account (root). With N entries in "/etc/su_people" there are
> (effectively) N root accounts which can be attacked. It is much
> harder to protect N passwords, N accounts' files, etc. than it is
> to protect a single root password and the system directories.

We have made similar modifications to SU here, except that everybody in
/etc/super-users (our name for the file) has their OWN password, and root
itself usually has no password. So to become root, you now have to know two
passwords: that of somebody in /etc/super-users, and their (private) root
password.

 -Guy Middleton, University of Waterloo MFCF/ICR, gamiddleton@watmath