Subject: Re: PAM and su -K
To: None <tls@rek.tjls.com>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-userlevel
Date: 01/16/2005 09:35:09


On Jan 16, 2005, at 2:44 AM, Thor Lancelot Simon wrote:

> I use -K or -l when I need to be root _quickly_ during Kerberos
> failures (less common than it used to be since I don't hack on
> Kerberos itself any more, but I used to have to do it quite a
> bit).  I would be annoyed if they disappeared.

So, does that mean we should have -Y (disable YP, in case there are NIS 
problems) and -H (disable Hesiod, in case there are DNS problems) to 
force su to access the local passwd database?

If there are catastrophic issues that render su useless, then you have 
some alternatives:

1. Use your "operator" privs to shut down the system into single-user 
mode.

2. Keep a root shell open while you're doing whatever you're doing that 
could break Kerberos (or whatever).

         -- Jason R. Thorpe <thorpej@shagadelic.org>

