Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!spool.mu.edu!sol.ctr.columbia.edu!xlink.net!sbusol.rz.uni-sb.de!microdesk8!joachim From: joachim@ee.uni-sb.de (Joachim Koenig) Newsgroups: comp.os.386bsd.questions Subject: Re: NetBSD 0.9: Unable to su to root from wheel group Date: 24 Jan 1994 09:54:25 GMT Organization: Universitaet des Saarlandes,Rechenzentrum Lines: 24 Message-ID: <2i05siINN5f3@sbusol.rz.uni-sb.de> References: <17JAN94.15533228@tifrvax.tifr.res.in> <2hkq26$23j@cynjut.ogisd.ess.harris.com> <2hmh2v$c9s@sparc10.entropic.com> NNTP-Posting-Host: microdesk8.ee.uni-sb.de X-Newsreader: TIN [version 1.2 PL2] Ken Hornstein (kenh@wrl.epi.com) wrote: : Actually, if you look at the code for su, you'll see that it only checks : "auxiliarlly" groups (ones that list you in /etc/group) and not your "primary" : group (the one listed in /etc/passwd). It's really a bug/feature of su (I'm : not sure which one to call it :-) ). It's neither a bug nor a feature from the user point of view IMHO. Traditionally (have a look at the SunOS 'su'-command) if group wheel was empty, everybody was allowed to su to root, else only those listed in group wheel were allowed to. In order to implement this feature, when the wheel group in /etc/group is empty, but the primary group in /etc/passwd would be sufficient, the whole /etc/passwd-file (+ YP-database) would have to be scanned for grid 0. It was thus much simpler to implement the su command to have a look at the wheel entry in /etc/group. This is no longer true for NetBSD, as it does not provide this feature. Joachim -- email: joachim@ee.uni-sb.de University of Saarland, Germany, Europe phone: +49 681 3023043 suffering should be creative, fax: 2678 should give birth to something good and lovely <Ende der Fahnenstange>