[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SU for group admin
In 30 minutes one is said to be able to start, fight and win (loose) WW3.
AND you don't announce this so hackers can come prepared and work fast.
Apart from that, there is no script that can manipulate files atomically
(atomic means 'in a single time unit and without conflicts from other
programs' - nothing to do with bombs). The command that comes nearest to
this is 'mv'. You can in theory use mv to change a file atomically on a
Linux system iff :
a) The file is smaller than the block size of the file system
b) If all the programs that access it are known to use linear access and
can be relied upon not to store copies of the file.
cron uses some of this to work and also passwd. Both use locks to keep
other programs (and copies of themselves) away from the data files while
working.
As said before, this is NOT trivial.
On Wed, 2 Jul 1997, Constantin Eizner wrote:
> Alexander Indenbaum wrote:
> >
> > On Mon, 30 Jun 1997, Eizner Constantin wrote:
> >
> > > Hi all.
> > > How can I get to some user options to change the users pasword only for
> > > his group. SUDO doesn't help.
> > > Any Idea?
> > >
> > > Any information wouldbe appreciated.
> >
> > There is very unsafe and simple solution:
> > Write suid script which will do it.
>
>
> Ok. I founded another not conventional way to do it.
> I wrote CGI for Web that's check password for SU group , get him in
> and ask for username and new password. After lot of checking i put
> all information for a text file with only root permissions.
> I run in crontab every 30 minutes another script that check if
> group SU do not try to change password for user who not same GID
> or even ROOT.
>
> Any comments.
>
Peter Lorand Peres
------------------
plp@actcom.co.il 100310.2360 on CIS (please use Internet address for mail)
http://ourworld.compuserve.com/homepages/plp
References: