Date:      Mon, 24 Feb 1997 23:39:55 +0000 (GMT)
From:      Adam David <adam@veda.is>
To:        ache@nagual.ru (=?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?=)
Cc:        guido@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org
Subject:   Re: cvs commit:  src/usr.bin/su su.1 su.c
Message-ID:  <199702242339.XAA27438@veda.is>
In-Reply-To: <Pine.BSF.3.95q.970225010600.1497A-100000@nagual.ru> from "[______ ______]" at "Feb 25, 97 01:09:04 am"

> > guido       97/02/24 12:32:27
> > 
> >   Modified:    usr.bin/su  su.1 su.c
> >   Log:
> >   When group wheel is empty, allow everyone to su to root. This has normally
> >   no consequences as we ship with a non-empty wheel.

[Andrey]
> I disagree. Some sysadmins intentionally make it empty to disallow 'su'
> and allow only root login from console. Also implicit defaults in this way
> can be a potential hole. A direct list of users here shows better who
> currently has access than an empty default with an unknown users list, please
> back it out.

Please leave it as it is now. If you make root the only member of wheel,
that gives the behaviour that you seek. This is naturally intuitive.

wheel:*:0:root,...  #named users can su
wheel:*:0:root	    #"only root can su"
wheel:*:0:          #anyone can su

The 3rd line is "anyone" because "no one" would be equivalent to the 2nd line,
since root (by definition) can always su.

Sorry if I didn't state it clearly, it is really obvious though.

Adam
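
Added example, not part of the original message and not code from FreeBSD's su.c: a small C check that applies the three wheel-line cases described above to a group(5) line, plus an audit helper that flags the empty-wheel case Andrey objects to. The function names, the user names "alice" and "adam", the sample lines, and the deny-on-malformed-line choice are assumptions; only the member list is examined.

```c
#include <stdio.h>
#include <string.h>

/* Return the member list (4th field) of a group(5) line, or NULL if malformed. */
static const char *member_field(const char *line) {
    for (int i = 0; i < 3 && line != NULL; i++) {
        line = strchr(line, ':');
        if (line != NULL) line++;
    }
    return line;
}

/* Exact-match lookup of user in a comma-separated member list. */
static int is_member(const char *members, const char *user) {
    size_t ulen = strlen(user);
    while (*members != '\0' && *members != '\n') {
        size_t len = strcspn(members, ",\n");
        if (len == ulen && strncmp(members, user, len) == 0) return 1;
        members += len;
        if (*members == ',') members++;
    }
    return 0;
}

/* Policy from the message: root always may; an empty wheel admits anyone;
   otherwise only listed members. Malformed line: deny (assumption). */
int may_su_to_root(const char *wheel_line, const char *user) {
    const char *m = member_field(wheel_line);
    if (strcmp(user, "root") == 0) return 1;
    if (m == NULL) return 0;
    if (*m == '\0' || *m == '\n') return 1;
    return is_member(m, user);
}

/* Audit helper: 1 when the wheel line has no members, i.e. su is open to all. */
int wheel_is_open(const char *wheel_line) {
    const char *m = member_field(wheel_line);
    return m != NULL && (*m == '\0' || *m == '\n');
}

int main(void) {
    /* Constructed sample lines mirroring the three cases in the message. */
    const char *lines[] = { "wheel:*:0:root,adam", "wheel:*:0:root", "wheel:*:0:" };
    for (int i = 0; i < 3; i++)
        printf("%-22s alice=%d adam=%d open=%d\n", lines[i],
               may_su_to_root(lines[i], "alice"), may_su_to_root(lines[i], "adam"),
               wheel_is_open(lines[i]));
    return 0;
}
```

Running `wheel_is_open` over the wheel entry of a host's group file is a quick way to spot a configuration that silently opens su to every account under the semantics of this commit.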


