H2: Files related to authentication

- /adm/users # cpu server
  is he registered? isn't he a member of noworld?
- /mnt/keys/*/key # auth server
  is his key given?
- /lib/ndb/auth # auth server
  is he allowed to be authenticated?
- /adm/keys.who
  users listed in this file will be seen in /mnt/keys

H2: case study (su ver1.0a)

H3: su on al

H4: su -p xxxxx alice

    su# t
    alice 1426 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 894 alice sys 0 Nov 2 16:10 x

OK

H4: su alice

    su# t
    alice 1434 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 902 arisawa sys 0 Nov 2 16:13 x

H4: su -p xxxxx sho

    su: execl: permission denied

H2: case study (su ver1.0)

H3: su on ar

host: cpu server
method: cpu
executor: bootes

H4: alice

- alice is in /adm/users
- alice has password
- $home is given
- he owns $home

    ar% grep alice /adm/users
    alice:alice:arisawa:web,arisawa,backup
    ar% su -p $p -f $f alice

result: OK

H4: bob

H4: douke

- he is in /adm/users
- he is noworld
- password is not given
- $home is given
- he owns $home

result:

    Eve -> douke
    Adm -> bootes
    douke 17524 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 30028 bootes sys 0 Nov 2 09:42 x

H4: carol

- not in /adm/users
- password is not given
- $home is not given

    Eve -> carol
    Adm -> bootes

H3: su on al h

H4: su none

    su# t
    none 1202 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 805 none sys 0 Nov 2 15:07 x
    su# cd
    su# touch z
    touch: z: cannot create: permission denied

OK, reasonable.

H4: su alice

alice is in /adm/users
alice has password

    su# t
    alice 1288 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 831 arisawa sys 0 Nov 2 15:44 x

H4: su -p xxxxx alice

alice is in /adm/users
alice has password

    su# t
    alice 1309 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 839 arisawa sys 0 Nov 2 15:50 x

H4: su bob

bob is not in /adm/users
bob is not in /mnt/keys

    su# t
    bob 1278 0:00 0:00 184K Pread ps
    --rw-rw-rw- M 823 arisawa sys 0 Nov 2 15:41 x

OK, reasonable.

------------------------
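
The case-study results above can be tabulated offline. The following Python is an added example, not part of the original page or of su: it assumes the two lines printed by `t` are a ps line and an ls -l line for the file x, compares the process user with the owner recorded on x, and looks the user up in an /adm/users-style text whose douke and noworld lines are constructed for illustration.

```python
# Added example (not from the original page): tabulate the su case-study output.
# The alice line is copied from the page; the douke and noworld lines are
# constructed, using the same id:name:leader:members layout.
ADM_USERS = """\
alice:alice:arisawa:web,arisawa,backup
douke:douke::
noworld:noworld::douke
"""

# (ps line, ls -l line) pairs copied from the page's sessions.
CASES = {
    "1.0a: su -p xxxxx alice": ("alice 1426 0:00 0:00 184K Pread ps",
                                "--rw-rw-rw- M 894 alice sys 0 Nov 2 16:10 x"),
    "1.0a: su alice": ("alice 1434 0:00 0:00 184K Pread ps",
                       "--rw-rw-rw- M 902 arisawa sys 0 Nov 2 16:13 x"),
    "1.0: douke": ("douke 17524 0:00 0:00 184K Pread ps",
                   "--rw-rw-rw- M 30028 bootes sys 0 Nov 2 09:42 x"),
    "1.0: su bob": ("bob 1278 0:00 0:00 184K Pread ps",
                    "--rw-rw-rw- M 823 arisawa sys 0 Nov 2 15:41 x"),
}

def parse_users(text):
    """Return {group name: set of members} from /adm/users-style lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:  # skip blank or malformed lines
            groups[fields[1]] = {m for m in fields[3].split(",") if m}
    return groups

def account_status(groups, user):
    """Is the user registered, and is the user a member of noworld?"""
    return {"registered": user in groups,
            "noworld": user in groups.get("noworld", set())}

def check_t_output(ps_line, ls_line):
    """Compare the process user (ps) with the owner of x (ls -l, 4th field)."""
    ps_fields, ls_fields = ps_line.split(), ls_line.split()
    if not ps_fields or len(ls_fields) < 4:
        raise ValueError("unexpected ps/ls line layout")
    proc_user, file_owner = ps_fields[0], ls_fields[3]
    return {"proc_user": proc_user, "file_owner": file_owner,
            "match": proc_user == file_owner}

def report(cases=CASES, users_text=ADM_USERS):
    groups, rows = parse_users(users_text), {}
    for name, (ps_line, ls_line) in cases.items():
        rows[name] = {**check_t_output(ps_line, ls_line)}
        rows[name].update(account_status(groups, rows[name]["proc_user"]))
    return rows

if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```
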