.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Manual: File Formats and Conversions
.\" Source: File Formats and Conversions
.TH "SUAUTH" "5" "02/16/2011" "File Formats and Conversions" "File Formats and Conversions"
suauth \- detailed su control file
.HP \w'\fB/etc/suauth\fR\ 'u
.PP
is referenced whenever the su command is called\&. It can change the behaviour of the su command, based upon:
.PP
1) the user su is targeting
.PP
2) the user executing the su command (or any groups he might be a member of)
.PP
The file is formatted like this, with lines starting with a # being treated as comment lines and ignored;
.PP
to\-id:from\-id:ACTION
.PP
Where to\-id is either the word
\fIALL\fR, a list of usernames delimited by "," or the words
followed by a list of usernames delimited by ","
.PP
from\-id is formatted the same as to\-id except the extra word
\fIALL EXCEPT GROUP\fR
is perfectly valid too\&. Following
appears one or more group names, delimited by ","\&. It is not sufficient to have primary group id of the relevant group, an entry in
.PP
Action can be only one of the following currently supported options\&.
.PP
The attempt to su is stopped before a password is even asked for\&.
.PP
The attempt to su is automatically successful; no password is asked for\&.
.PP
For the su command to be successful, the user must enter his or her own password\&. They are told this\&.
.PP
Note there are three separate fields delimited by a colon\&. No whitespace must surround this colon\&. Also note that the file is examined sequentially line by line, and the first applicable rule is used without examining the file further\&. This makes it possible for a system administrator to exercise as fine control as he or she wishes\&.
.PP
.nf
# sample /etc/suauth file
# A couple of privileged usernames may
# su to root with their own password\&.
root:chris,birddog:OWNPASS
# Anyone else may not su to root unless in
# group wheel\&. This is how BSD does things\&.
root:ALL EXCEPT GROUP wheel:DENY
# Perhaps terry and birddog are accounts
# owned by the same person\&.
# Access can be arranged between them
# with no password\&.
.fi
.PP
There could be plenty lurking\&. The file parser is particularly unforgiving about syntax errors, expecting no spurious whitespace (apart from beginning and end of lines), and a specific token delimiting different things\&.
.PP
An error parsing the file is reported using
as level ERR on facility AUTH\&.
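The first-applicable-rule evaluation and the strict whitespace handling described above can be checked before a file is deployed. The following is an added example, not code from su or from this manual page: the function names parse, matches and decide are hypothetical, the sample file is constructed from the page's example, and the caller is assumed to pass in the group names the invoking user is listed under in the group file.

```python
# Added example: names and structure are illustrative, not taken from su itself.
ACTIONS = {"DENY", "NOPASS", "OWNPASS"}
SAMPLE = """\
# constructed sample, adapted from the page's example file
root:chris,birddog:OWNPASS
root:ALL EXCEPT GROUP wheel:DENY
terry:birddog : NOPASS
"""

def parse(text):
    """Return (rules, errors); each rule is (lineno, to_id, from_id, action)."""
    rules, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # whitespace is tolerated only at the ends of a line
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3:
            errors.append((n, "expected to-id:from-id:ACTION"))
        elif any(f != f.strip() for f in fields):
            errors.append((n, "whitespace next to ':'"))
        elif fields[2] not in ACTIONS:
            errors.append((n, "unknown action"))
        else:
            rules.append((n, *fields))
    return rules, errors

def matches(spec, user, groups=frozenset()):
    """Match one id field; groups holds group-file memberships (from-id only)."""
    if spec == "ALL":
        return True
    negate = spec.startswith("ALL EXCEPT ")
    if negate:
        spec = spec[len("ALL EXCEPT "):]
    if spec.startswith("GROUP "):
        hit = bool(set(groups) & set(spec[len("GROUP "):].split(",")))
    else:
        hit = user in spec.split(",")
    return hit != negate

def decide(text, to_user, from_user, from_groups):
    """Return (lineno, action) of the first applicable rule, or None."""
    rules, _ = parse(text)
    for n, to_id, from_id, action in rules:
        if matches(to_id, to_user) and matches(from_id, from_user, from_groups):
            return n, action
    return None
```

Running decide over each account that should and should not reach root shows which line actually decides the outcome, which is where a misordered DENY or a rule dropped for stray whitespace becomes visible.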