*BSD News Article 26398


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!spool.mu.edu!sol.ctr.columbia.edu!xlink.net!sbusol.rz.uni-sb.de!microdesk8!joachim
From: joachim@ee.uni-sb.de (Joachim Koenig)
Newsgroups: comp.os.386bsd.questions
Subject: Re: NetBSD 0.9: Unable to su to root from wheel group
Date: 24 Jan 1994 09:54:25 GMT
Organization: Universitaet des Saarlandes,Rechenzentrum
Lines: 24
Message-ID: <2i05siINN5f3@sbusol.rz.uni-sb.de>
References: <17JAN94.15533228@tifrvax.tifr.res.in> <2hkq26$23j@cynjut.ogisd.ess.harris.com> <2hmh2v$c9s@sparc10.entropic.com>
NNTP-Posting-Host: microdesk8.ee.uni-sb.de
X-Newsreader: TIN [version 1.2 PL2]

Ken Hornstein (kenh@wrl.epi.com) wrote:
: Actually, if you look at the code for su, you'll see that it only checks
: "auxiliarlly" groups (ones that list you in /etc/group) and not your "primary"
: group (the one listed in /etc/passwd).  It's really a bug/feature of su (I'm
: not sure which one to call it :-) ).

It's neither a bug nor a feature from the user point of view IMHO.
Traditionally (have a look at the SunOS 'su'-command) if group wheel
was empty, everybody was allowed to su to root, else only those listed
in group wheel were allowed to.
In order to implement this feature, when the wheel group in /etc/group
is empty, but the primary group in /etc/passwd would be sufficient, the
whole /etc/passwd-file (+ YP-database) would have to be scanned for
grid 0. It was thus much simpler to implement the su command to have
a look at the wheel entry in /etc/group. This is no longer true for
NetBSD, as it does not provide this feature.

Joachim

--
email: joachim@ee.uni-sb.de   University of Saarland, Germany, Europe
phone: +49 681 3023043		     suffering should be creative,
fax:              2678	      should give birth to something good and lovely
<Ende der Fahnenstange>