Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!news.hawaii.edu!ames!agate!howland.reston.ans.net!blackbush.xlink.net!rz.uni-karlsruhe.de!news.uni-stuttgart.de!news.rhrz.uni-bonn.de!saph2.physik.uni-bonn.de!juengst
From: juengst@saph1.physik.uni-bonn.de (Henry G. Juengst)
Newsgroups: comp.unix.bsd.netbsd.misc
Subject: Re: su Root?
Date: 6 Feb 1996 18:22:14 GMT
Organization: Institut fuer Strahlen- und Kernphysik
Lines: 52
Sender: juengst@saph2.physik.uni-bonn.de (Henry G. Juengst)
Distribution: world
Message-ID: <4f868m$ner@news.rhrz.uni-bonn.de>
References: <4cu84p$5m3@huron.eel.ufl.edu> <4cudk2$4pi@news.rhrz.uni-bonn.de> <4d3e9j$37l@huron.eel.ufl.edu> <4f4far$ftu@news.pcslink.com>
Reply-To: juengst@saph1.physik.uni-bonn.de
NNTP-Posting-Host: saph1.physik.uni-bonn.de

In article <4f4far$ftu@news.pcslink.com>, ryan@pcslink.com (Ryan Mooney) writes:
>In article <4d3e9j$37l@huron.eel.ufl.edu>,
>   raub@kushana.aero.ufl.edu (Mauricio Tavares) wrote:
>>In 9 Jan 1996 18:53:54 GMT, Henry G. Juengst (juengst@saph1.physik.uni-bonn.de) wrote:
>>
>>> In article <4cu84p$5m3@huron.eel.ufl.edu>, raub@kushana.aero.ufl.edu (Mauricio Tavares) writes:

Please, cite the entire article next time, especially if you send a reply
one month later.

>Hmm I actually like that feature - I just add the people who are allowed
>in /etc/group and all is dandy. Of course I'm kind of a paranoid security
>weenie who doesn't want just anyone to be able to su to root (of course
>depending on where you are and what you're doing... YMMV).
>
>>> I agree. It is not very nice that users have to be a member of the group
>>> wheel (what a name...) just to be able to "su". Try the following patches:
>
>Although I do agree wheel is kind of a lame name for root group. Of course
>you could change it - just change the name in /etc/group and voila all is
>different (warning - this may cause something to barf I don't know I haven't
>tried it :)

You didn't understand the real problem. It is not just the name "wheel".
This is not a problem, of course. I have added a group "root" with the gid 0
on my own machine, because sometimes I use "root" (the group name of gid 0
on a SYSV machine) instead of "wheel" (BSD).

In the quoted article I was talking about the program "su". I don't like the
idea that one has to be a member of the group "wheel" (better say gid 0) to
be able to start "su". Normally I want to work as an unprivileged user who
is able to use "su" if necessary. As an unprivileged user I do not want to
have file access rights etc. like somebody (especially user "root") who is
in the group "wheel". The reason is very simple: People make errors and it
could be possible that one destroys something via gid (0) access. This
should never be possible for unprivileged users. That is why I have added an
additional (!) group "su" (new gid!=0) in my patch for the program "su" to
grant "su" access.

Henry

--
juengst@saph1.physik.uni-bonn.de [131.220.161.1] (Internet)
omni:.de.uni-bonn.physik.saph1::juengst (DECnet/OSI, phase V)
saph1::juengst [26.358] (DECnet, phase IV)
Any opinions in this mail are my own.
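
An added example, not part of the original post and not the patch it mentions (which is not reproduced on this page): a sketch in C of the separation described above, where permission to run "su" comes from a dedicated group with a non-zero gid instead of membership in gid 0. The function names, the fail-closed behaviour when the group is missing, and the refusal of a gid 0 group are assumptions of this sketch.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if `user` appears in the explicit member list of `gr`. */
static int listed_in(const struct group *gr, const char *user)
{
    char **m;

    if (gr == NULL || gr->gr_mem == NULL || user == NULL)
        return 0;
    for (m = gr->gr_mem; *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return 1;
    return 0;
}

/*
 * Decide whether `user` (real uid `ruid`) may attempt su.
 * `su_grp` is the dedicated authorization group, or NULL if it does not
 * exist. Assumption of this sketch: a missing group denies access, and a
 * group with gid 0 is refused because it would also carry gid 0 file access.
 */
static int may_su(uid_t ruid, const char *user, const struct group *su_grp)
{
    if (ruid == 0)
        return 1;                       /* root needs no group check */
    if (su_grp == NULL || su_grp->gr_gid == 0)
        return 0;                       /* fail closed */
    return listed_in(su_grp, user);
}

int main(void)
{
    struct passwd *pw = getpwuid(getuid());
    struct group *gr = getgrnam("su");  /* group name taken from the post */

    if (pw == NULL || !may_su(getuid(), pw->pw_name, gr)) {
        fprintf(stderr, "you are not in the group allowed to su\n");
        return 1;
    }
    puts("group check passed; password authentication would follow");
    return 0;
}
```

The check only gates who may attempt "su"; being listed in the group grants no file access of its own, which is the separation the post argues for.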