Date: Tue, 25 Feb 1997 22:37:54 +0100 (MET) From: Guido van Rooij <guido@gvr.win.tue.nl> To: ache@nagual.ru (=?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?=) Cc: guido@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/su su.1 su.c Message-ID: <199702252137.WAA08200@gvr.win.tue.nl> In-Reply-To: <Pine.BSF.3.95q.970225010600.1497A-100000@nagual.ru> from =?ISO-8859-1?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= at "Feb 25, 97 01:09:04 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Андрей Чернов wrote: > On Mon, 24 Feb 1997, Guido van Rooij wrote: > > > guido 97/02/24 12:32:27 > > > > Modified: usr.bin/su su.1 su.c > > Log: > > When group wheel is empty, allow everyone to su to root. This has normally > > no conseqeunces as we ship with a non-empty wheel. > > I disagree. Some sysadmins intentionally make it empty to disallow 'su' > and allow only root login from console. Also implicit defaults in this way > can be potential hole. Direct list of users here shows better who > currently have access than empty default with unknown users list, please > back it out. > There is no other way to give everyne this functionality. Therefor I think it is a good idea...Besides, remember that the default wheel group is set with root. There is no empty default. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702252137.WAA08200>