On Tue, 2005-04-19 at 16:56, Matthew Miller wrote: > > By extension, such a mechanism could be applicable to the use of "su -". > > Instead of prompting for root's password, prompt foe the current user > > password, then see if that user is authorized to log on to root. > > Good idea. In fact, so good that it's already implemented. :) > > Although it's on a per-executable basis, not per-login. Check out the files > in /etc/security/console.apps/, and the man page for "userhelper". > (Particularly, look at the USER and UGROUPS variables.) If you let someone execute /bin/bash as another user it would be basically the same as allowing the login. -- Les Mikesell les@xxxxxxxxxxxxxxxx
