Date: Sun, 14 Jun 1998 08:51:54 +0900 (JST) From: issei@mikage.t-cnet.or.jp To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/6941: su doesn't see user's login group. Message-ID: <199806132351.IAA20433@ordin.mikage.t-cnet.or.jp>
next in thread | raw e-mail | index | archive | help
>Number: 6941
>Category: bin
>Synopsis: User cannot su to root even if his login group is wheel.
>Confidential: yes
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 13 17:00:00 PDT 1998
>Last-Modified:
>Originator: Issei Suzuki
>Organization:
A Site under T-CNET
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
>Description:
For security reason, user must belongs to wheel group when he wants to su
root. But even if his login group is wheel (I mean getgid() == 0), he cannot
su to root without his name at wheel group entry in /etc/group.
If you want to keep current specification for some reason, you shoud explicitly
refer to it in su(1).
>How-To-Repeat:
Add user with his login group being wheel and witout his entry in wheel group
in /etc/group. Login as he and execute su command.
% su
su: you are not in the correct group to su root.
>Fix:
Apply the following patch:
--- su.orig/su.c Sun Jun 14 08:20:49 1998
+++ su/su.c Sun Jun 14 08:19:54 1998
@@ -255,7 +255,7 @@
#endif
{
/* only allow those in group zero to su to root. */
- if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) &&
+ if ((pwd->pw_uid == 0 && getgid()) && (gr = getgrgid((gid_t)0)) &&
gr->gr_mem && *(gr->gr_mem))
for (g = gr->gr_mem;; ++g) {
if (!*g)
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806132351.IAA20433>