From owner-cvs-usrbin Tue Feb 25 13:38:21 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA18327 for cvs-usrbin-outgoing; Tue, 25 Feb 1997 13:38:21 -0800 (PST) Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA18322; Tue, 25 Feb 1997 13:38:07 -0800 (PST) Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id WAA08200; Tue, 25 Feb 1997 22:37:54 +0100 (MET) From: Guido van Rooij Message-Id: <199702252137.WAA08200@gvr.win.tue.nl> Subject: Re: cvs commit: src/usr.bin/su su.1 su.c In-Reply-To: from =?ISO-8859-1?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= at "Feb 25, 97 01:09:04 am" To: ache@nagual.ru (=?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?=) Date: Tue, 25 Feb 1997 22:37:54 +0100 (MET) Cc: guido@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Андрей Чернов wrote: > On Mon, 24 Feb 1997, Guido van Rooij wrote: > > > guido 97/02/24 12:32:27 > > > > Modified: usr.bin/su su.1 su.c > > Log: > > When group wheel is empty, allow everyone to su to root. This has normally > > no conseqeunces as we ship with a non-empty wheel. > > I disagree. Some sysadmins intentionally make it empty to disallow 'su' > and allow only root login from console. Also implicit defaults in this way > can be potential hole. Direct list of users here shows better who > currently have access than empty default with unknown users list, please > back it out. > There is no other way to give everyne this functionality. Therefor I think it is a good idea...Besides, remember that the default wheel group is set with root. There is no empty default. -Guido