Re: Alternative to GNU's 'su' ?

From: David (thunderbolt01_at_netscape.net)
Date: 12/28/03 

Date: Sun, 28 Dec 2003 14:44:37 GMT

Baard Ove Kopperud wrote:
> Are there any alternatives (for Linux) to GNU's 'su' command... one
> that (may) honour the "weel" group and so for?
>
> Version 7.X of RedHat had a 'su' that could be configured with
> a file in /etc to *only* allow members of "wheel" to become
> root -- as well as list users allowed to become other users
> (including root) without being prompted for password --
> or by using their own "normal" password. Problem is, I
> don't know if this was an *alternative* 'su' or just a
> (very heavely) patched version of 'GNU's su'.
>
> I love Richard Stallman -- I even agree with much of
> his political views regarding software -- but I'd
> *still* like to have the *option* of using the "wheel"
> group as intended... in any case, I very much liked
> the sudo-like configuration.
>
> If anybody knows where I can download the source of
> the 'su' used by RedHat -- or a smiliar (better?) one
> -- it would be appriciated. I'd prefer the 'su'
> command alone, but packed together with other
> basic-commands is also good.

You can make "su" depend on the wheel group by using pam to do
it. I haven't used redhat in a while so this may have changed a
little since I switched.

Edit /etc/pam.d/su and add the lines below.
%PAM-1.0
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel

Then to add the user you want to be able to use "su" you need to
add them to the wheel group.

usermod -G10 username

The 10 in the line above should be the group ID for the wheel group.

As I said I haven't used redhat in a while so they may have
changed things some.
Hope this helps. 

-- 
Confucius:  He who play in root, eventually kill tree.
Registered with The Linux Counter.  http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.23 SMP i686 (GCC) 3.3.2
Uptime: 9 days, 20:56, 1 user, load average: 1.11, 1.11, 1.08