jeffl@comix.UUCP (Jeff Liebermann) (02/04/91)
chip@chinacat.Unicom.COM (Chip Rosenthal) writes: >>I don't like this solution. Does anyone have a better idea? >Sure. Create another user login, say `rootx', which is an exact duplicate >of `root', except you use `/bin/csh' as the login shell. >WHOOOPS!!! Oh...you said SCO. Never mind. SCO has decided for you that >you wouldn't want to create two accounts with the same UID. >Fuck relaxed mode. Please give me an off switch. Relax. It can be done (manually) I have 2 root level logins: root (the original stock incantation) rootksh (root permissions under the Korn Shell) To do this: 1. Create an ORDINARY bourne shell user called rootksh using the sysadmsh menus. Any UID and any GID. These will be edited later. 2. Edit /etc/passwd to something like this: root:*:0:1:Superuser:/: rootksh:*:0:1:Superuser:/u/rootksh:/bin/ksh You don't need to edit /etc/group. Be sure NOT to leave any blank lines in /etc/passwd or C2 will complain bitterly. 3. Now manually overwrite the tcb stuff with the real "root". cp /tcb/files/auth/r/root /tcb/files/auth/r/rootksh chmod 660 /tcb/files/auth/r/rootksh chown root /tcb/files/auth/r/rootksh chgrp root /tcb/files/auth/r/rootksh and edit the result changing u_name to rootksh. Mine looks like this now: rootksh:u_name=rootksh:u_id#0:\ :u_pwd=sOBiCSbdYPUMs:\ :u_type=root:u_owner=root:u_cmdpriv=audit,auth,su,backup,queryspace,cron,lp,printqueue,printerstat,mem,sysadmin,terminal,uucp:\ :u_syspriv=suspendaudit,configaudit,writeaudit,execsuid,nopromain,chmodsugid,chown:\ :u_minchg#0:u_exp#0:u_life#0:u_succhg#635564084:\ :u_pickpw:u_genpwd:u_restrict@:u_suclog#665638924:\ :u_suctty=tty02:u_unsuclog#665232858:u_unsuctty=tty02:u_maxtries#0:\ :u_lock@:chkent: Note that the u_pwd field is copied from root and is exactly the same as the one for root. The catch is that if you change the root password, you MUST manually edit the one for rootksh as the command: passwd rootksh does NOT work. 4. Now attack the subsystem database: cd /etc/auth/subsystems You will find 9 configuration files that have the authorizations for "root" in them. Duplicate the line for root changing the "root" to "rootksh" in each of the 9. You do not need to change dflt_users. For example, my /etc/auth/subsystems/cron file looks like this: root:cron rootksh:cron jeffl:cron (rest deleted) 5. Now check if everything is correct with: /tcb/bin/authck -a If it complains, fix it. 6. The only other tricks are getting $HOME and $LOGNAME correct. I do this in the .profile file. export HOME=/ export LOGNAME=root export MAIL=/usr/spool/mail/root These overwrite the defaults set in -ksh and /etc/profile. If you use ksh and 3.2.2, job control will hang any script that writes to stdout from the background. To eliminate this add: set +m in your .profile. End of problem and end of job control. Another trick is to add to your /etc/default/login file: OVERRIDE=tty01 This prevents C2 from locking you out of your own machine. I've been using these tweaks in 3.2.0 and 3.2.2 without difficulty. I have NOT tried this under csh because ksh is so superior. Disclaimer: Not connected with or authorized by SCO in any way. -- # Jeff Liebermann Box 272 1540 Jackson Ave Ben Lomond CA 95005 # (408)336-2558 voice (408)429-0483 digital pager wb6ssy CIS:73557,2074 # PC REPAIR & RF DESIGN uunet!comix!jeffl ucscc.ucsc.edu!comix!jeffl # universe!milky_way!solar_system!earth!na!us!uunet!comix!jeffl