sec is a password protected means of allowing specified users to
obtain a root shell without giving them the system's root password.
It is similar in this regard to su, except that each user has his
own password, which can be changed at any time. These passwords and
authorized users are stored in a security file hidden cleverly
somewhere on a mounted file system (at your descretion).

This is MARGINALLY safer than releasing the root password, but
NOT MUCH. REMEMBER: When someone IS root they can do anything.
This program, used improperly can be DANGEROUS! By itself, this
source is not, since it must be run suid for it to work.

sec will log to syslog successful and unsuccessful attempts to
get a root shell. If you don't have syslog, a phoney syslog
routine is provided to log to a file.

The security file itself is owned by root and chmod'd to u+r (0400).
The format is one user per line, the username, followed by a colon,
followed by an optional crypted password. To add a user, simply add
the user to the file, with the ":" as the last character on the line.
Then either use secpw to set the password, or remind the user to do
this the first time he uses sec (sec will warn when a user has a null
PW, but will allow root access anyway).

secpw may be used to change someone else's security password, in case
that user is compromised. secpw tries to setuid itself to root as a
test to see if it is being run by root. Therefore you must NOT suid
secpw. secpw will not run if it can't setuid(0), so to change your sec
password, you first have to get into sec (or root), presumably using
your old password.

As further protection, it is suggested that sec authorized users be placed
into a separate "operator" or "sec" group, and that only this group be
allowed to even run sec (chmod o-rwx).
