Date: Tue, 25 Feb 1997 10:17:09 +1100 (EST) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru> Cc: Guido van Rooij <guido@freefall.freebsd.org>, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/su su.1 su.c Message-ID: <Pine.BSF.3.91.970225100134.8268j-100000@panda.hilink.com.au> In-Reply-To: <Pine.BSF.3.95q.970225010600.1497A-100000@nagual.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Feb 1997, =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= wrote: > On Mon, 24 Feb 1997, Guido van Rooij wrote: > > > guido 97/02/24 12:32:27 > > > > Modified: usr.bin/su su.1 su.c > > Log: > > When group wheel is empty, allow everyone to su to root. This has normally > > no conseqeunces as we ship with a non-empty wheel. > > I disagree. Some sysadmins intentionally make it empty to disallow 'su' > and allow only root login from console. Also implicit defaults in this way > can be potential hole. Direct list of users here shows better who > currently have access than empty default with unknown users list, please > back it out. What about an explicit entry for 'everyone'? e.g. wheel:*:0:* I'd much rather have people actively decide to allow su access than passively allow it. Danny
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970225100134.8268j-100000>