Date: Tue, 4 Mar 1997 07:37:55 -0800
From: "M.R.Murphy" <mrm@Mole.ORG>
To: adam@veda.is, mrm@mole.mole.org
Cc: current@freebsd.org, wollman@lcs.mit.edu
Subject: Re: cvs commit: src/usr.bin/su su.1 su.c
Message-ID: <199703041537.HAA14692@meerkat.mole.org>

>
> > I'll grant that the overloading of the use of the "wheel" group
> > might have been an injudicious choice. I prefer sudo :-)
>
> Yep.
>
> > The current behavior allows the three cases mentioned above:
> >
> > 1) only root can su,
> > 2) named users can su,
> > 3) anyone can su
> >
> > How would the "correct behavior of the command to call getgroups
> > and check the result for a GID of 0" provide for the three cases
> > above without enumerating all users as in 2)?
>
> 1) Root is a named user, don't name any others.
> 2) Name them (traditionally in group 'wheel', but could be elsewhere).
> 3) /etc/su.conf

Does any of the 3 immediately above handle the "anyone can su" case,
which those who are used to, shudder, System V, might prefer? Ah, yes
/etc/su.conf would contain a description of desired behavior, and not
an enumeration of users allowed to su.

/etc/su.conf, YAFCFIHTP -- yet another control file I have to protect :-)
/etc/kerberosIV, /etc/su.conf, /etc/sudoers, /etc/inetd.conf, /etc/passwd,
/etc/group, /var/yp/etc/*, .... I want more ways to be root :-)

I ask, "What's wrong with leaving it as is and letting those who want more
control use sudo?" It's a rhetorical question, since the answer seems to
reduce to, "It's fun to hack at things." It is, too; I agree :-)

--
Mike Murphy mrm@Mole.ORG +1 619 598 5874
Better is the enemy of Good