Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!brl-adm!adm!rbj@icst-cmr.arpa
From: rbj@icst-cmr.arpa
Newsgroups: comp.unix.wizards
Subject: su modifications posted to net.sources
Message-ID: <4562@brl-adm.ARPA>
Date: Thu, 19-Feb-87 22:02:43 EST
Article-I.D.: brl-adm.4562
Posted: Thu Feb 19 22:02:43 1987
Date-Received: Sat, 21-Feb-87 01:30:30 EST
Sender: news@brl-adm.ARPA
Lines: 15


   In general, you do NOT want "su" to search an "/etc/su_people".
   Having such a file multiplies the number of accounts which must
   be secured against intrusion.  It is difficult enough to protect
   one account (root).  With N entries in "/etc/su_people" there are
   (effectively) N root accounts which can be attacked.  It is much
   harder to protect N passwords, N accounts' files, etc. than it is
   to protect a single root password and the system directories.

Gee, that's easy! If account `fred' is in `/etc/su_people', then
you just have a file called `/etc/fred_people' :-)

	(Root Boy) Jim "Just Say Yes" Cottrell	<rbj@icst-cmr.arpa>
	Help! A 900 foot tall vision of Dennis Ritchie told me
	that if I don't get my 4.3 BSD tapes by March I'll die!