Path: utzoo!attcan!uunet!husc6!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!NUSVM.BITNET!GBOPOLY1 From: GBOPOLY1@NUSVM.BITNET (fclim) Newsgroups: comp.sys.apollo Subject: Re: su Message-ID: <8906300433.AA04073@umix.cc.umich.edu> Date: 30 Jun 89 04:35:56 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 46 X-Unparsable-Date: Fri, 30 Jun 89 12:24:49 SST In article <8906291414.AA04731@lnic1.hprc.uh.edu> Andrew M. Wescott writes >So what is wrong with having to belong to group "wheel" in >order to su root? I miss the point entirely. Let the sysadm >add whoever to wheel from edrgy, give them the password, and >be done with it. Say what? We are talking about su, Andrew, ability to turn into Superuser in a single bound. We might as well give root's passwd to selected people and let them use login instead of su. >Say I am logged on to an Apollo console as myself, and then I >decide to su root. Well now I can do things like run edrgy, >kill processes, and the like. But guess what I can't do? >I can't EDIT files owned by root.staff.none with -rwxr-xr-x >protection. Now here's the real clincher: When I dial up >from home and decide to su root, I am able to edit these >same files with no problem. That confuses me. At SR9.7, /doc/domain_ix.release_notes sez that there are limitations when you su/login to a different user. The change in the USER environme environment variable is not communicated to the DM. So EDIT, cv, etc will not work if the new user does not have the acl rights. The notes suggest using ed, ex or vi for editing purposes. In article <442098a6.1dc6c@apollo.COM> pato%apollo.uucp@eddie.mit.edu (Joe Pato) writes >When using the Berkeley derived version of su, the user must be a membe of the >wheel group (actually of group 0) to be allowed to "su" to root. Unless there is explicit code to check the *real* group id with "wheel", I believe, any user can su to root if your sys_admin login in as root and do % chgrp wheel /bin/su % chmod 6755 /bin/su Anybody running su will have effective group id set as "wheel". This beats having to put all those users who will su to root sometimes in the future in the same group as wheel. Since su prompts for passwds, it is all right to set the setgid on. fclim --- gbopoly1 % nusvm.bitnet @ cunyvm.cuny.edu computer centre singapore polytechnic dover road singapore 0513.