Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!orstcs!guille!thallem
From: thallem@guille.ece.orst.edu (Mike Lohmeyer)
Newsgroups: comp.sys.apollo
Subject: Re: su
Message-ID: <11526@orstcs.CS.ORST.EDU>
Date: 7 Jul 89 06:52:49 GMT
References: <8907011801.AA09885@lnic1.hprc.uh.edu>
Sender: usenet@orstcs.CS.ORST.EDU
Reply-To: thallem@guille.ECE.ORST.EDU (Mike Lohmeyer)
Organization: Oregon State University, E&CE, Corvallis
Lines: 30

In article <8907011801.AA09885@lnic1.hprc.uh.edu> wescott@LNIC1.HPRC.UH.EDU writes:
>Well basically I'm a tyrant, as I don't let anyone have SU 
>privilege.  That's one solution!
>

The idea of the group wheel is for people who are suppose to have access
to some system admin stuff.  In otherwords, wheel members can sometimes
modify files or run programs for system administration that regular users
cannot.  Wheel is sort of a support group.

My solution to the problem was to not use su at all.  I don't like the 
program because sometimes I don't trust the way it sets up the
enviroment (home dir, etc.)  Instead, I got the sources for su2 from
our Microvax II and compiled if the the Apollo systems.  For those that
don't know, su2 is very similar to su in that it allows users to become
root.  The difference is that when the user types su2, they are asked
to enter their own password, not the root password.  That way, no 
users except the real superuser know the root password.  The other
nice part about su2 is that the only people who can do an su2 are
the users who's names are entered in a file called super-users.  These 
names can be added or removed at any time easily to grant or revoke
super user access to users.

I should say that I am using SR9.7, not 10.x.  I don't know if 10.x
has su2 as a standard part of the OS.  If not, it should.  Su2 is
a fairly standard program, and invaluable too.

Mike Lohmeyer					thallem@ece.orst.edu
Oregon State University				(503) 645-5504
Electrical and Computer Engineering Department