From owner-freebsd-current Tue Feb 25 07:07:13 1997
Return-Path:
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id HAA26300
          for current-outgoing; Tue, 25 Feb 1997 07:07:13 -0800 (PST)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA26293
          for ; Tue, 25 Feb 1997 07:07:08 -0800 (PST)
Received: by halloran-eldar.lcs.mit.edu; (5.65v3.2/1.1.8.2/19Aug95-0530PM)
          id AA14280; Tue, 25 Feb 1997 10:06:47 -0500
Date: Tue, 25 Feb 1997 10:06:47 -0500
From: Garrett Wollman
Message-Id: <9702251506.AA14280@halloran-eldar.lcs.mit.edu>
To: Adam David
Cc: current@freebsd.org
Subject: Re: cvs commit: src/usr.bin/su su.1 su.c
In-Reply-To: <199702242339.XAA27438@veda.is>
References: <199702242339.XAA27438@veda.is>
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

< said:

> Please leave it as it is now. If you make root the only member of wheel,
> that gives the behaviour that you seek. This is naturally intuitive.

> wheel:*:0:root,... #named users can su
> wheel:*:0:root #"only root can su"
> wheel:*:0: #anyone can su

This is very counterintuitive, actually, since root is a member of
group `wheel' regardless of whether it's listed in /etc/group or not.

I have long believed that the current implementation of group checking
in the `su' command is a crock. The correct behavior of the command
would be to call getgroups(2) and check the result for a GID of 0.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
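
The two kinds of check contrasted in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's su source: a scan of a group's member list by name next to a test of the caller's actual group credentials via getgroups(2). The function names are hypothetical, and the real GID is checked as well because getgroups(2) is not guaranteed to include the primary group on every system.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Member-list check: is `user` named in a group's gr_mem-style list?
 * A user whose primary GID comes from /etc/passwd need not be listed,
 * so this can answer "no" for a user who does hold the group. */
int listed_in_members(const char *user, char *const *members)
{
    for (; members != NULL && *members != NULL; members++)
        if (strcmp(*members, user) == 0)
            return 1;
    return 0;
}

/* Credential check helper: is `target` among the given GIDs? */
int gid_in_set(gid_t target, const gid_t *gids, int n)
{
    for (int i = 0; i < n; i++)
        if (gids[i] == target)
            return 1;
    return 0;
}

/* Returns 1 if the calling process holds `target` as its real GID or as
 * a supplementary group, 0 if it does not, -1 on error. */
int caller_in_group(gid_t target)
{
    if (getgid() == target)
        return 1;
    int n = getgroups(0, NULL);            /* ask for the count first */
    if (n < 0)
        return -1;
    if (n == 0)
        return 0;
    gid_t *gids = malloc((size_t)n * sizeof *gids);
    if (gids == NULL)
        return -1;
    n = getgroups(n, gids);
    int found = (n < 0) ? -1 : gid_in_set(target, gids, n);
    free(gids);
    return found;
}

int main(void)
{
    /* Exit status 0 when the caller holds GID 0 (wheel), 1 otherwise. */
    return caller_in_group(0) == 1 ? 0 : 1;
}
```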