From owner-freebsd-current Tue Mar 4 07:14:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA25855 for current-outgoing; Tue, 4 Mar 1997 07:14:11 -0800 (PST) Received: from veda.is (ubiq.veda.is [193.4.230.60]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA25847 for ; Tue, 4 Mar 1997 07:13:57 -0800 (PST) Received: (from adam@localhost) by veda.is (8.8.4/8.7.3) id PAA10491; Tue, 4 Mar 1997 15:26:03 GMT From: Adam David Message-Id: <199703041526.PAA10491@veda.is> Subject: Re: cvs commit: src/usr.bin/su su.1 su.c In-Reply-To: <199703041457.GAA14620@meerkat.mole.org> from "M.R.Murphy" at "Mar 4, 97 06:57:09 am" To: mrm@Mole.ORG (M.R.Murphy) Date: Tue, 4 Mar 1997 15:26:01 +0000 (GMT) Cc: wollman@lcs.mit.edu, current@freebsd.org X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I'll grant that the overloading of the use of the "wheel" group > might have been an injudicious choice. I prefer sudo :-) Yep. > The current behavior allows the three cases mentioned above: > > 1) only root can su, > 2) named users can su, > 3) anyone can su > > How would the "correct behavior of the command to call getgroups > and check the result for a GID of 0" provide for the three cases > above without enumerating all users as in 2)? 1) Root is a named user, don't name any others. 2) Name them (traditionally in group 'wheel', but could be elsewhere). 3) /etc/su.conf -- Adam David