SUMMARY: SU and /etc/group: weird behaviour ......

From: Thomas Leitner <tom_at_finwds01.tu-graz.ac.at>
Date: Tue, 26 Nov 1996 18:51:54 +0100 (MET)

Hi,

After some suggestions from the list which did not work, I found
out the solution myself incidently.

What I did was to "chfn" all users. I've just used the default
values for everything and now the users can SU to root just as I want
it. Apparently something was wrong in the /etc/passwd file.

/etc/passwd now has:

tom:xxxxxxxxxxx:1033:26:Tom,,,:/home/tom:/bin/ksh
tomlocal:xxxxxx:1033:26:Tom Local Acct,,,:/home/tomlocal:/bin/ksh
tomsys:xxxxxxxx:1033:26:Tom System Acct,,,:/home/tomsys:/bin/ksh

rather than

tom:xxxxxxxxxxx:1033:26:tom:/home/tom:/bin/ksh
tomlocal:xxxxxx:1033:26:Tom Local Acct:/home/tomlocal:/bin/ksh
tomsys:xxxxxxxx:1033:26:Tom System Acct:/home/tomsys:/bin/ksh

which I was before.

This is sort of stange but it works now.

Thanks to: Marcel Bernards <bernards_at_ecn.nl>
           Peter R David <david_at_lama.stanford.edu>

for their suggestions.

This is my original posting:

On Fri, 22 Nov 1996, Thomas Leitner wrote:

>
> Hi,
>
> On an DEC 3000/600 running OSF1 V3.0, 358.78 I need to give certain
> users the ability to su to root. The usual way for that is just to put
> them in the system group in /etc/group.
>
> Now: As soon as I do this, these particular users cannot login anymore
> and I cannot even su to them:
>
> # head -1 /etc/group
> system:*:0:tom
> # su tom
> No shell
> # su - tom
> No directory
>
> When I take him out of the system group, everything works as normal:
>
> # head -1 /etc/group
> system:*:0:
> # su tom
> $ ^D
> # su - tom
> {testbox}/home/tom>
>
> I need to add, that there are several users with the same UID and GID
> in /etc/passwd:
>
> tom:xxxxxxxxxxx:1033:26:tom:/home/tom:/bin/ksh
> tomlocal:xxxxxx:1033:26:Tom Local Acct:/home/tomlocal:/bin/ksh
> tomsys:xxxxxxxx:1033:26:Tom System Acct:/home/tomsys:/bin/ksh
>
> and that the box is running in base (BSD) security but I don't think
> that this makes any difference.
>
> Any ideas anyone?

Tom

--------------------------------------------------------------------------
T o m L e i t n e r Dept. of Communications
                                            Graz University of Technology,
e-mail : tom_at_finwds01.tu-graz.ac.at Inffeldgasse 12
Phone : +43-316-873-7455 A-8010 Graz / Austria / Europe
Fax : +43-316-463-697
Home page : http://wiis.tu-graz.ac.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send
mail with subject "get Thomas Leitner" to pgp-public-keys_at_keys.pgp.net
--------------------------------------------------------------------------
Received on Tue Nov 26 1996 - 19:19:44 NZDT