From: Gleb Smirnoff
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/37733: su(1) does not behave the way it is described in man
Date: Sat, 4 May 2002 08:40:04 -0700 (PDT)
Message-Id: <200205041540.g44Fe4j38556@freefall.freebsd.org>

The following reply was made to PR bin/37733; it has been noted by GNATS.

From: Gleb Smirnoff
To: Ceri Davies, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/37733: su(1) does not behave the way it is described in man
Date: Sat, 4 May 2002 19:34:01 +0400

On Sat, May 04, 2002 at 02:53:01PM +0100, Ceri Davies wrote:
C> > But if user is not listed in group wheel and his primary group is 0,
C> > he is allowed to su root. As it is said in comment in su.c, this
C> > is the desired behavior. This is quite different to manpage.
C>
C> If your primary group is 0, then you *are* in wheel (which is the group with
C> gid 0).

So there is no way to give user wheel rights (for reading many files
and logs), but do not permit him to su root?

btw, OpenBSD's su behaves exactly the way described in man: it
allows to su root only users listed in wheel group in /etc/group.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
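
An added example, not part of the original message and not taken from su.c: it applies the two policies contrasted in the thread (only users listed for gid 0 in the group file, versus also accepting a primary gid of 0) to passwd and group data and reports the accounts on which they disagree. The sample data is constructed, and all account and function names are hypothetical.

```python
# Added example: compares the two wheel-membership policies discussed above.
# The sample files are constructed; account names are hypothetical.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:0:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/sh
"""
SAMPLE_GROUP = """\
# constructed /etc/group
wheel:*:0:root,alice
operator:*:5:root
"""

def _records(text, nfields):
    """Yield split colon-separated records, skipping comments and short lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= nfields:
            yield fields

def primary_gids(passwd_text):
    """Map user name -> primary gid (fourth field of a passwd record)."""
    return {f[0]: int(f[3]) for f in _records(passwd_text, 7) if f[3].isdigit()}

def listed_members(group_text, gid):
    """Users named in the member list of every group entry with this gid."""
    members = set()
    for f in _records(group_text, 4):
        if f[2].isdigit() and int(f[2]) == gid:
            members.update(m for m in f[3].split(",") if m)
    return members

def su_root_policies(passwd_text, group_text, gid=0):
    """Per user: (allowed when only the group file list counts,
    allowed when a primary gid equal to `gid` also counts)."""
    listed = listed_members(group_text, gid)
    return {user: (user in listed, user in listed or pgid == gid)
            for user, pgid in primary_gids(passwd_text).items()}

def divergent_accounts(passwd_text, group_text, gid=0):
    """Accounts the two policies disagree on: primary gid matches, not listed."""
    result = su_root_policies(passwd_text, group_text, gid)
    return sorted(u for u, (strict, loose) in result.items() if strict != loose)

if __name__ == "__main__":
    for user in divergent_accounts(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{user}: primary gid 0 but not listed in wheel")
```

Run against copies of a host's real passwd and group files, the same functions list the accounts whose ability to su to root depends on which of the two interpretations the installed su follows.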