Date: Sun, 13 Oct 2002 14:04:24 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Mark Murray <mark@grondar.za> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc group Message-ID: <Pine.NEB.3.96L.1021013140304.44458K-100000@fledge.watson.org> In-Reply-To: <200210131745.g9DHjO01008151@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Oct 2002, Mark Murray wrote: > > Leave root in operator for dump/restore broadcast reasons; leave root > > in wheel until discrepencies in the "no users in wheel means any user > > can su" policy are resolved (possibly indefinitely). > > This sounds like a policy decision that can be handed over to PAM. Currently, it is, I believe. I was sure at one point that we supported a mode of operation for su that allowed any user to su to root if the wheel group was empty, and restricted it to the wheel group if it was non-empty. That no longer appears to be the case on 5.0, and I haven't got a 4.x box I can afford to shoot down to experiment with right now on that branch. Currently, the wheel behavior in the PAM case is entirely encapsulated in pam_wheel(8). Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1021013140304.44458K-100000>