Alternative to GNU's 'su' ? - Questions

This is a discussion on Alternative to GNU's 'su' ? - Questions ; Are there any alternatives (for Linux) to GNU's 'su' command... one that (may) honour the "weel" group and so for? Version 7.X of RedHat had a 'su' that could be configured with a file in /etc to *only* allow members ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Alternative to GNU's 'su' ?

  1. Alternative to GNU's 'su' ?

    Are there any alternatives (for Linux) to GNU's 'su' command... one
    that (may) honour the "weel" group and so for?

    Version 7.X of RedHat had a 'su' that could be configured with
    a file in /etc to *only* allow members of "wheel" to become
    root -- as well as list users allowed to become other users
    (including root) without being prompted for password --
    or by using their own "normal" password. Problem is, I
    don't know if this was an *alternative* 'su' or just a
    (very heavely) patched version of 'GNU's su'.

    I love Richard Stallman -- I even agree with much of
    his political views regarding software -- but I'd
    *still* like to have the *option* of using the "wheel"
    group as intended... in any case, I very much liked
    the sudo-like configuration.

    If anybody knows where I can download the source of
    the 'su' used by RedHat -- or a smiliar (better?) one
    -- it would be appriciated. I'd prefer the 'su'
    command alone, but packed together with other
    basic-commands is also good.

    -Koppe

  2. Re: Alternative to GNU's 'su' ?

    Baard Ove Kopperud wrote:
    > If anybody knows where I can download the source of
    > the 'su' used by RedHat -- or a smiliar (better?) one
    > -- it would be appriciated. I'd prefer the 'su'
    > command alone, but packed together with other
    > basic-commands is also good.


    A search at google gave me this:

    www.geocities.com/shellmaniac/su.c

    It's also possible to download the SRPM (Source rpm) - first you find out
    which rpm su belongs to:

    $ rpm -qf `which su`
    coreutils-4.5.3-19.0.2

    Then you can find the SRPM at ftp.redhat.com. Though, I don't know RedHat
    well enough to know what to do with the SRPM.

    In the info for su, there is a chapter called "Why GNU su' does not support
    the wheel' group" - by Richard Stallmann. Maybe it would be an idea to read
    it before patching up su.

    --
    Tobias Brox - +47 917 000 50 - http://www.cs.uit.no/~tobias/
    Unemployed programmer, ready for assignments
    Check our Mobster game at http://mobster.td.org.uit.no/

  3. Re: Alternative to GNU's 'su' ?

    Baard Ove Kopperud wrote:
    > Are there any alternatives (for Linux) to GNU's 'su' command... one
    > that (may) honour the "weel" group and so for?
    >
    > Version 7.X of RedHat had a 'su' that could be configured with
    > a file in /etc to *only* allow members of "wheel" to become
    > root -- as well as list users allowed to become other users
    > (including root) without being prompted for password --
    > or by using their own "normal" password. Problem is, I
    > don't know if this was an *alternative* 'su' or just a
    > (very heavely) patched version of 'GNU's su'.
    >
    > I love Richard Stallman -- I even agree with much of
    > his political views regarding software -- but I'd
    > *still* like to have the *option* of using the "wheel"
    > group as intended... in any case, I very much liked
    > the sudo-like configuration.
    >
    > If anybody knows where I can download the source of
    > the 'su' used by RedHat -- or a smiliar (better?) one
    > -- it would be appriciated. I'd prefer the 'su'
    > command alone, but packed together with other
    > basic-commands is also good.


    You can make "su" depend on the wheel group by using pam to do
    it. I haven't used redhat in a while so this may have changed a
    little since I switched.

    Edit /etc/pam.d/su and add the lines below.
    %PAM-1.0
    auth sufficient /lib/security/pam_rootok.so debug
    auth required /lib/security/pam_wheel.so group=wheel

    Then to add the user you want to be able to use "su" you need to
    add them to the wheel group.

    usermod -G10 username

    The 10 in the line above should be the group ID for the wheel group.

    As I said I haven't used redhat in a while so they may have
    changed things some.
    Hope this helps.
    --
    Confucius: He who play in root, eventually kill tree.
    Registered with The Linux Counter. http://counter.li.org/
    Slackware 9.1.0 Kernel 2.4.23 SMP i686 (GCC) 3.3.2
    Uptime: 9 days, 20:56, 1 user, load average: 1.11, 1.11, 1.08

  4. Re: Alternative to GNU's 'su' ?

    Baard Ove Kopperud wrote:
    > Are there any alternatives (for Linux) to GNU's 'su' command... one
    > that (may) honour the "weel" group and so for?
    >
    > Version 7.X of RedHat had a 'su' that could be configured with
    > a file in /etc to *only* allow members of "wheel" to become
    > root -- as well as list users allowed to become other users
    > (including root) without being prompted for password --
    > or by using their own "normal" password. Problem is, I
    > don't know if this was an *alternative* 'su' or just a
    > (very heavely) patched version of 'GNU's su'.
    >
    > I love Richard Stallman -- I even agree with much of
    > his political views regarding software -- but I'd
    > *still* like to have the *option* of using the "wheel"
    > group as intended... in any case, I very much liked
    > the sudo-like configuration.
    >
    > If anybody knows where I can download the source of
    > the 'su' used by RedHat -- or a smiliar (better?) one
    > -- it would be appriciated. I'd prefer the 'su'
    > command alone, but packed together with other
    > basic-commands is also good.
    >
    > -Koppe


    I use 'sudo'. It's options are controlled via '/etc/sudoers', which can
    be set to give any combination of privilleges. For example, UserA could
    run proga and progb as a root (or any other user or group), or GroupA
    can run only progc as root (or any other user or group)., etc. Of course
    the command line will be different, but will serve the purpose.

    Quoted from 'sudoers' man page:

    The User specification is the part that actually
    determines who may run what.


    root ALL = (ALL) ALL
    %wheel ALL = (ALL) ALL


    We let root and any user in group wheel run any command on
    any host as any user.


+ Reply to Thread