Date: Tue, 25 Feb 1997 10:06:47 -0500 From: Garrett Wollman <wollman@lcs.mit.edu> To: Adam David <adam@veda.is> Cc: current@freebsd.org Subject: Re: cvs commit: src/usr.bin/su su.1 su.c Message-ID: <9702251506.AA14280@halloran-eldar.lcs.mit.edu> In-Reply-To: <199702242339.XAA27438@veda.is> References: <Pine.BSF.3.95q.970225010600.1497A-100000@nagual.ru> <199702242339.XAA27438@veda.is>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 24 Feb 1997 23:39:55 +0000 (GMT), Adam David <adam@veda.is> said: > Please leave it as it is now. If you make root the only member of wheel, > that gives the behaviour that you seek. This is naturally intuitive. > wheel:*:0:root,... #named users can su > wheel:*:0:root #"only root can su" > wheel:*:0: #anyone can su This is very counterintuitive, actually, since root is a member of group `wheel' regardless of whether it's listed in /etc/group or not. I have long believed that the current implementation of group checking in the `su' command is a crock. The correct behavior of the command would be to call getgroups(2) and check the result for a GID of 0. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9702251506.AA14280>