Return to BSD News archive
Path: sserve!manuel!munnari.oz.au!uunet!gatech!concert!duke!khera
From: khera@cs.duke.edu (Vivek Khera)
Newsgroups: comp.unix.bsd
Subject: Re: su behavior
Message-ID: <KHERA.92Aug31132624@thneed.cs.duke.edu>
Date: 31 Aug 92 17:26:24 GMT
References: <1992Aug31.155112.18068@engage.pko.dec.com>
Sender: news@duke.cs.duke.edu
Organization: Duke University CS Dept., Durham, NC
Lines: 29
Nntp-Posting-Host: thneed.cs.duke.edu
In-reply-to: eje@irenaeus.mlo.dec.com's message of 31 Aug 92 15:51:12 GMT
X-Md4-Signature: ae46c31222d41b6531da788508d54ddf
In article <1992Aug31.155112.18068@engage.pko.dec.com> eje@irenaeus.mlo.dec.com (Eric James Ewanco) writes:
I've used Ultrix in the past, Suns too, and they allow you to su on
any terminal. But 386bsd insists that the only ones who can su are
those who are in the group "wheel". This is pretty stupid, though,
because when I put my user in group wheel, I automatically had root
privileges!! This totally defeats the purpose of su! If you are
allowed to su, then you don't need to because you already have root
access!!!
Is this standard behavior for su? What is the reasoning behind this?
this is the normal behaviour of modern versions of su. this way, when
you have, say 1000 users on your system, knowing the root password
just isn't enough to become root without access to a machine's
console. on our set up, only the machine consoles which are in a
physically locked room allow root logins, all other root access must
be via an explicit su command. only the few people who happen to be
in group wheel are allowed to do that. its just an extra level of
security.
now if you claim that just by being in group wheel, one has root
priveleges, then i suggest you find a good book on unix security and
read it.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Gradual Student/Systems Guy Department of Computer Science
Internet: khera@cs.duke.edu Box 90129
(MIME mail accepted) Durham, NC 27708-0129 (919)660-6528