Return to BSD News archive
Newsgroups: comp.unix.bsd Path: sserve!manuel!munnari.oz.au!uunet!haven.umd.edu!darwin.sura.net!jvnc.net!yale.edu!ira.uka.de!math.fu-berlin.de!unidui!du9ds3!veit From: veit@du9ds3.uni-duisburg.de (Holger Veit) Subject: Re: su behavior References: <1992Aug31.155112.18068@engage.pko.dec.com> Date: 31 Aug 92 17:04:41 GMT Reply-To: veit@du9ds3.uni-duisburg.de Organization: Uni-Duisburg FB9 Datenverarbeitung Sender: @unidui.uni-duisburg.de Message-ID: <veit.715280681@du9ds3> Lines: 36 In <1992Aug31.155112.18068@engage.pko.dec.com> eje@irenaeus.mlo.dec.com (Eric James Ewanco) writes: >I noticed something unusual, at least to me, about su behavior on 386bsd. >I've used Ultrix in the past, Suns too, and they allow you to su on any >terminal. But 386bsd insists that the only ones who can su are those who are in >the group "wheel". This is pretty stupid, though, because when I put my user >in group wheel, I automatically had root privileges!! This totally defeats the >purpose of su! If you are allowed to su, then you don't need to because you >already have root access!!! >Is this standard behavior for su? What is the reasoning behind this? Not exactly. It says, that the users that *may change to the group wheel* may run 'su'. I.e. if you add a user name (of any group) in /etc/group after the last colon in the group wheel, then this user may do 'su'. But even if you belong to the wheel group, with GID 0, you shouldn't be running with UID 0, and normally, you do not have the root right with this automatically (unless there is a hidden bug). The reason with this mechanism is that not any hacker who "read your fingers" when you were entering the password to become su, may repeat it. This goes along with disabling the 'secure' keyword in /etc/ttytab for all connections except console, and locking the console for unpriviledged users. >Eric Holger -- | | / Holger Veit | INTERNET: veit@du9ds3.uni-duisburg.de |__| / University of Duisburg | BITNET: veit%du9ds3.uni-duisburg.de@UNIDO | | / Dept. of Electr. Eng. | "No, my programs are not BUGGY, these are | |/ Inst. f. Dataprocessing | just unexpected FEATURES"