Date: Tue, 25 Feb 1997 15:50:30 +0000 (GMT) From: Adam David <adam@veda.is> To: wollman@lcs.mit.edu (Garrett Wollman) Cc: current@freebsd.org Subject: Re: cvs commit: src/usr.bin/su su.1 su.c Message-ID: <199702251550.PAA29172@veda.is> In-Reply-To: <9702251506.AA14280@halloran-eldar.lcs.mit.edu> from Garrett Wollman at "Feb 25, 97 10:06:47 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > wheel:*:0:root #"only root can su" > > wheel:*:0: #anyone can su > > This is very counterintuitive, actually, since root is a member of > group `wheel' regardless of whether it's listed in /etc/group or not. Intuition is not a single thread, and I agree also with your view Garrett. How about the earlier suggestion... wheel:*:0:* #everyone belongs to wheel But is this identical with the desired behaviour? > I have long believed that the current implementation of group checking > in the `su' command is a crock. The correct behavior of the command > would be to call getgroups(2) and check the result for a GID of 0. Good point. -- Adam David <adam@veda.is>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702251550.PAA29172>