Jesse Pollard wrote:
>
> On Sun, 16 Apr 2000, Steve Dodd wrote:
> >On Sun, Apr 16, 2000 at 06:05:04PM -0500, Alan Curry wrote:
> >
> >> It really isn't user "old". su changes what user YOU REALLY ARE. That's what
> >> su MEANS. Substitute User. If you don't like it you can rm /bin/su. You don't
> >> need to bloat everybody's task_struct with this luid silliness.
> >
> >What's the difference between su and login, then?
>
> 1. you can't switch to a user whose password you don't know with login.
> 2. su only asks for a password to root - if you have that you can go anywhere.
> 3. If root doesn't have the ability to do a setuser (capability based) then
> there is no difference, (or if su always required a password...)
--- Actually, there still is -- since at any point we can revert back to the original user w/o re-authentication -- unless we 'exec /bin/su' but that sorta defeats the point of 'su' which is to take on the privileges of a different user, *temporarily* and later return to the original UID.

If we implement the semantics of 'su'ing to a user being allowed if an entry of the form "localhost <old user>" is in the new user's .rhosts file, again it could be done w/o a password. This is similar to an 'rsh -l newuser localhost'.

-l
--
Linda A Walsh | Trust Technology, Core Linux, SGI
law@sgi.com | Voice: (650) 933-5338
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:10 EST