dce@mips.UUCP (02/04/87)
Place the following in /usr/man/man5/su_people.5: -------------------------------- .TH SU_PEOPLE 5 .SH NAME su_people \- special access database for su .SH SYNOPSIS .B /etc/su_people .SH DESCRIPTION When .I su(1) is executed such that the user being subsituted is root (userid 0), the file .I /etc/su_people is searched to see if the user executing the command or the user logged in originally (if these are different) is priveleged enough not to have to give the password (this is called having free access). This is done as a convenience, and should not be taken lightly. .PP In order to stop any possible security hazards with this feature, .I /etc/su_people must have mode 0600 (read and write for owner only), owner 0 (root), and group 0 (wheel) or it will be ignored. In addition, if any syntax errors are found in the file, free access will be denied. .PP There are a number of different types of lines that can be placed in this file: .TP 4 \fB#\fP\fItext\fP Comment. This line is ignored. .TP 4 \fIusername\fP The named user is allowed free access. .TP 4 \fIusername\fP \fIhostname_list\fP The named user is allowed free access on the hosts named in \fIhostname_list\fP, which is a list of hostnames separated by spaces, tabs, and/or commas. .TP 4 \fIusername\fP \fB!\fP\fIhostname_list\fP The named user is denied free access on the hosts named in \fIhostname_list\fP, which is a list of hostnames separated by spaces, tabs, and/or commas. .SH "SEE ALSO" su(1)