>> What I did was to "chown 500 /usr/bin/su" (making it harmless), and to
>> install the skey "su" program as "/usr/local/bin/keysu" (modulo
>> personal preference). Skey's "su" doesn't let root su to other users
>> w/o authentication.
> What's the point of that? As root you can simply:
> execl("/bin/sh", "-i", (char *)0);
> root shouldn't need authentication via su for other UIDs, it only makes
> it a slight hassle to perform normal system administration functions on
> user's directories.
It's a workaround for a bug in the skey version of su...