
Linux Support – Configuring su for Security

Various

Issue #41, September 1997

Our experts answer your technical questions.

The .plan File

What are the .plan and .project files read by the finger command and what should they contain? —Chris Mason Slackware 2.0.29

In the good old days before the Web, there were no home pages. Instead, if I wanted to find out more about someone, I would “finger” them. The finger command asks the server to display information about a user, including the contents of the user’s .plan and .project files. You can put any information you wish in these files: your name, e-mail address, fax and phone numbers or favorite sayings.

Note that many system administrators consider the finger command to be a potential security risk and have turned it off, so don’t be surprised if you “finger” someone and receive a message along the lines of “access denied”. Also, many implementations of finger read only the .plan file. —Vince Waldon vwaldon@skynet.uah.ualberta.ca

Linux and Pentiums

I have a PC with an Intel Pentium 150. Will Linux run on it? I’ve heard it runs on a 386 or a 486 but has trouble with certain IBMs—I’m not sure which ones. —Noah Roberts

You should have no problem running Linux on the machine you describe. Early versions of the Linux kernel were unable to support true IBM machines that used the microchannel architecture or MCA (the PS/2 line). That’s probably the IBM computer referred to. —Vince Waldon vwaldon@skynet.uah.ualberta.ca

Spinning Hard Drive

My hard drive spins up and spins down constantly. There is a kernel patch called no_idle on Sunsite [http://sunsite.unc.edu/] to fix this problem, but when I attempt to apply the patch I get a reject file. It seems that the Makefile for the disk drivers has now been created, and as a result, the patch does not apply correctly. I am running 2.0.0. I would like to know if there is something else I could do to stop the spinning. I would appreciate any help. —John Barnitz Slackware 3.1

Most likely you need to find the hdparm package and use it to set the spin down times. I know it can do this for IDE drives. If it’s not part of your distribution, you can find it on Sunsite. —Donnie Barnes, Red Hat Software redhat@redhat.com

SCSI Drivers

Are there any drivers that provide SCSI support on the motherboard? —Ryan Red Hat 4.1

That depends on the type of SCSI you wish to use. You can check the hardware compatibility lists at http://www.redhat.com/. —Donnie Barnes, Red Hat Software redhat@redhat.com

Non-English Keyboard Characters

After installing Linux, I noticed I am missing an option available in MS Windows: the US-International keyboard layout. This layout lets anyone with a US keyboard type the special punctuation needed for foreign languages. I live in Puerto Rico, and most, if not all, keyboards sold here are US versions. Since I write mostly in Spanish, I am interested in learning how to make a keymap that emulates Windows’ US-International layout. Is there any information about the subject or any already-made keymap file that fits the job? —Carlos M. Fernandez Red Hat 4.1

There may indeed be a keyboard mapping that fits your keyboard. If not, you will have to take one that is close to your desired arrangement and modify it.

You should obtain the kbd package from ftp://sunsite.unc.edu/pub/Linux/system/keyboards/kbd-0.98.tar.gz. It contains tools, documentation and examples that will assist you in your remapping project. It also contains a file called kbd.FAQ, which contains answers to frequently asked questions about the operation of the keyboard under Linux. —Chad Robinson, BRT Technical Services Corporation chadr@brttech.com

Configuring su for Security

I have a problem with hackers and one security hole is the command su. I have several users on my system. While I don’t want to eliminate the capability of these users to change to other IDs, I do want to eliminate the capability to use su to change to root for all except one or two users. Is this possible? —Are Tysl Slackware 3.1

You may be missing a handy program called sudo, which you can obtain from your nearest Sunsite mirror. This program allows you to configure su actions for each user based on who the user is and what you wish him to be able to access.

If that does not meet your goal, why not fall back to the standard Unix security functions? Create a new group called su. Change the group on /bin/su from bin to su. The permissions are most likely 4755 (-rwsr-xr-x), which means anybody can execute it and the program will execute as root.bin.

You can then change the permissions of /bin/su. Try changing them to 4750 (-rwsr-x---), which allows root or any user in the su group to execute it. Then you can put those users you wish to have su privileges in the su group. —Chad Robinson, BRT Technical Services Corporation chadr@brttech.com
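
The group-based restriction described in the answer above, as an added shell example that is not part of the original column. The function names lock_down and audit_su and the user alice are hypothetical, and stat -c assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: apply and audit the group-restricted su setup.
# Typical use, as root (alice is a hypothetical user):
#   groupadd su && lock_down /bin/su su && gpasswd -a alice su
#   audit_su /bin/su su

# lock_down FILE GROUP: hand FILE to GROUP, then set mode 4750.
# Order matters: on Linux a change of ownership can clear the setuid
# bit, so the mode is set after chgrp, not before.
lock_down() {
    chgrp "$2" "$1" && chmod 4750 "$1"
}

# audit_su FILE GROUP: print findings and return 0 only if FILE is
# setuid, belongs to GROUP (name or numeric gid) and grants nothing
# to "other". Returns 2 if FILE cannot be examined.
audit_su() {
    file=$1 want=$2 rc=0
    mode=$(stat -c '%a' "$file") || return 2
    gname=$(stat -c '%G' "$file")
    gid=$(stat -c '%g' "$file")
    # Pad to four octal digits: special, user, group, other.
    mode=$(printf '%04d' "$mode")
    special=${mode%???}
    other=${mode#???}
    case $special in
        4|5|6|7) ;;
        *) echo "$file: setuid bit missing (mode $mode)"; rc=1 ;;
    esac
    if [ "$other" != 0 ]; then
        echo "$file: permissions granted to all users (mode $mode)"
        rc=1
    fi
    if [ "$want" != "$gname" ] && [ "$want" != "$gid" ]; then
        echo "$file: group is $gname, expected $want"
        rc=1
    fi
    return $rc
}
```

A package upgrade that replaces /bin/su can reset its group and mode, so run the audit again after updates.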

Man Page Display

How do I use man? For example, when I enter:

man ls

I get a blank screen with a weird message at the bottom of the screen—something like 1/1. Whatever I enter, it beeps at me. —Josh Gray Slackware 3.2

Check whether there are any files in the /usr/man/manx directory (where x is a number, usually from 1 to 8). You should find several different files with names like gpm.1. Each of these files is a man page. Whenever you use the man command, you get a processed version of the file corresponding to the command specified (for the ls command, it is the ls.x file). For this file to be processed, the groff utility must be installed. groff is usually found in the /usr/bin directory. —Mario de Mello Bittencourt Neto, WebSlave mneto@buriti.com.br

Setting Up Swap Space

When I installed Linux, I didn’t set up a swap space. I have since created a swap file but I have to enter:

swapon /dev/hda5

every time I boot, and I can do it only as root. Can I make this simpler? —Josh Gray Slackware 3.2

Slackware puts entries to automatically mount swap partitions (if they exist) in your rc script files. All you need to do is tell those files that your swap partition exists and is available for use. To do that, put a line in the /etc/fstab file like the following:

/dev/hda5    swap    swap    defaults    1   1

This tells the system to set up a swap space from /dev/hda5 with the default settings for a swap partition. This entry is normally created by the setup scripts when you install Slackware, and is the missing item that prevents your swap area from being initialized with each boot. —Chad Robinson, BRT Technical Services Corporation chadr@brttech.com
