[Pkg-shadow-devel] patch for su - 2

[Alexander Gattin]

Hi!

On Sat, Jun 04, 2005 at 07:58:06PM +0200, Tomasz Kłoczko wrote:
> Yes .. shadow must be adapted for system where admin privilidges 
> are not concentrated in account with UID=0.
> This IMO need some template solution which will consiste with two parts:
> 
> 1) detection are we in system with classisc administration where admin 
>    account it is account with UID=0,

I think if there _is at least one zero uid account_,
the system can be safely assumed "classic"...

> 2) depending on 1) handle case in classic way or not.

I think that sysadmin/operator of such a non-standard
system where uid==0 does _not_ correspond to
administrative account, should just supply intended
superusername manually -- `su superuser`/`su - superuser`.

At least until we find/develop a better solution.

> So IMO this patch is still incomplet.
> Some for above patrts are now implemented in SELINUX conditions.

Could you give us an example how are they implemented,
please?

-- 
WBR,
xrgtn