[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SU for group admin
Hi
Do not make this without protecting your /etc/passwd file it's very
dangerous because an simple user could take the root shell.
To resolve the problem you could write a program that turn in background
and detect all new root shell(the +loginname:...)and close the account and
mail to the supervisor a warning.
by.
Meir Faraj
On Tue, 1 Jul 1997, Peter Lorand Peres wrote:
> Date: Tue, 1 Jul 1997 18:16:15 +0300 (EET DST)
> From: Peter Lorand Peres <plp@actcom.co.il>
> To: Eizner Constantin <eizner@research.haifa.ac.il>
> Cc: linux-il@linux.org.il
> Subject: Re: SU for group admin
>
> You must write a C program or a set of scripts (less secure) that
> manipulate the /etc/groups file in an atomic way and that runs as (suid)
> root. This is NOT a trivial programming problem. There are bad security
> problems associated with this. The systemthat this imlpements needs to be
> at least as good as the system's passwd security.
>
> On Mon, 30 Jun 1997,
> Eizner Constantin wrote:
>
> > Hi all.
> > How can I get to some user options to change the users pasword only for
> > his group. SUDO doesn't help.
> > Any Idea?
> >
> > Any informatiob would be appreciated.
> >
>
> Peter Lorand Peres
> ------------------
> plp@actcom.co.il 100310.2360@compuserve.com
> http://ourworld.compuserve.com/homepages/plp
>
>
____________________________________________________
Meir
Faraj
E_mail:faraj@avoda.jct.ac.il
faraj@beitza.jct.ac.il
faraj@zara26.jct.ac.il
faraj@shekel.jct.ac.il
web:http://shekel.jct.ac.il:80/~faraj
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tel:972-2-6489089 / 02-6489089
972-50-982625 / 050-982625
address:21 avaad aleumi jerusalem
_______ _________ ____________
|___ _| / _________| \____ ______\
| | | | | |
| | | | | |
______/ / _ | |_________ _ | | _
|_______/ |_| \__________| |_| |_| |_|
____________________________________________________
References: