*BSD News Article 59129



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!swidir.switch.ch!scsing.switch.ch!news.belwue.de!news.uni-stuttgart.de!rz.uni-karlsruhe.de!nntp.gmd.de!news.rwth-aachen.de!news.rhrz.uni-bonn.de!saph2.physik.uni-bonn.de!juengst
From: juengst@saph1.physik.uni-bonn.de (Henry G. Juengst)
Newsgroups: comp.unix.bsd.netbsd.misc
Subject: Re: su Root?
Date: 9 Jan 1996 18:53:54 GMT
Organization: Institut fuer Strahlen- und Kernphysik
Lines: 96
Sender: juengst@saph2.physik.uni-bonn.de (Henry G. Juengst)
Distribution: world
Message-ID: <4cudk2$4pi@news.rhrz.uni-bonn.de>
References: <4cu84p$5m3@huron.eel.ufl.edu>
Reply-To: juengst@saph1.physik.uni-bonn.de
NNTP-Posting-Host: saph1.physik.uni-bonn.de


In article <4cu84p$5m3@huron.eel.ufl.edu>, raub@kushana.aero.ufl.edu (Mauricio Tavares) writes:
>	I hope this is a fast question:  I've created a normal user
>account for me to use instead of root.  However, I can't su root from
>that account; I keep getting an error message saying I am in the wrong
>group to su root.  I do not want to add me to wheel group (I am
>currently in staff); what should I do then?  

I agree. It is not very nice that users have to be members of the group
wheel (what a name...) just to be able to "su". Try the following patches:

*** /usr/src/usr.bin/su/su.1.orig	Thu Jan 13 11:50:26 1994
--- /usr/src/usr.bin/su/su.1	Tue Mar  8 13:18:20 1994
***************
*** 131,136 ****
--- 131,138 ----
  .Pp
  Only users in group 0 (normally
  .Dq wheel )
+ or group
+ .Dq su
  can
  .Nm su
  to
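
Review bot: the added wording "or group su" after the .Dq wheel ) line does not say that this group is matched by name rather than by gid, or that it is optional. Group 0 is identified by number, while the su.c change looks the new group up with getgrnam("su") and skips it when the lookup fails, so the page should state that an administrator has to create a group named "su" in the group database and that only group 0 applies when it is absent.
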
*** /usr/src/usr.bin/su/su.c.orig	Wed May 25 14:46:15 1994
--- /usr/src/usr.bin/su/su.c	Mon Feb 13 03:22:03 1995
***************
*** 154,171 ****
  	    if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
  #endif
  	    {
! 		/* only allow those in group zero to su to root. */
! 		if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
! 			for (g = gr->gr_mem;; ++g) {
! 				if (!*g) {
! 					(void)fprintf(stderr,
! 			    "su: you are not in the correct group to su %s.\n",
! 					    user);
! 					exit(1);
! 				}
! 				if (!strcmp(username, *g))
! 					break;
! 		}
  		/* if target requires a password, verify it */
  		if (*pwd->pw_passwd) {
  			p = getpass("Password:");
--- 154,190 ----
  	    if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
  #endif
  	    {
! 		/* only allow those in group zero or "su" to su to root. */
! 		if (pwd->pw_uid == 0)
!                   { int my_su_denied; /*true until we find the required group*/
! 
!                     my_su_denied=getegid(); /* not denied for gid 0 */
! 
!                     gr=getgrgid((gid_t)0);
!                     if(gr)
!                       { g=gr->gr_mem;
! 
!                         while(my_su_denied && *g)
!                           my_su_denied=strcmp(username,*(g++));
!                       }
! 
!                     gr=getgrnam("su");
!                     if(gr)
!                       { g=gr->gr_mem;
!                         if(getegid()==gr->gr_gid)
!                           my_su_denied=0;
!  
!                         while(my_su_denied && *g)
!                           my_su_denied=strcmp(username,*(g++));
!                       }
!                     if(my_su_denied)
!                       { (void)fprintf(stderr,
!                          "su: you are not in the correct group to su %s.\n",
!                          user);
!                         exit(1);
!                       }
! 		  }
! 
  		/* if target requires a password, verify it */
  		if (*pwd->pw_passwd) {
  			p = getpass("Password:");
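
Review bot: both new primary-group checks, my_su_denied=getegid() and if(getegid()==gr->gr_gid), test the effective gid, which identifies the invoking user only as long as su is never run with a different effective group (for example from a setgid program); getgid() is the value that belongs to the caller. These checks also widen the rule beyond the replaced loop, which consulted only the gr_mem list of group 0, so the comment and su.1 should say that a primary gid of 0 or of "su" is accepted. Assigning the gid to an int flag works but hides the intent; an explicit comparison such as my_su_denied = (getgid() != 0) would be clearer, and the new block should follow the tab indentation and brace style of the surrounding code.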


>
>BTW, we are talking about NetBSD 1.1 in a Sun 3/50.

Henry

--
juengst@saph1.physik.uni-bonn.de   [131.220.161.1]  (internet)
saph1::juengst                     [13.259]         (decnet)

Any opinions in this mail are my own.