[rsbac] su utility that supports a separate password file
Sheplyakov Alexei
varg at thsun1.jinr.ru
Tue Aug 3 17:51:37 CEST 2004
On Tue, Aug 03, 2004 at 10:20:00AM -0400, Rob See wrote:
> Hi,
>
> Does anyone know of a su like utility that can be configured to use a
> different password file than the one the system uses ? My idea is to
> deny all other setuid access to secoff except for this utility which
> can store its password in a file controlled by secoff (so that root
> can't just change the password to get access) I've done a bit of
> searching, and the only things that have come close are from either
> 1990 or 1996, and they don't cleanly compile on Linux.
There is a PAM module libpam-pwdfile, you can use it with standard su.
See http://cpbotha.net/pam_pwdfile.html
More information about the rsbac
mailing list