Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!ames!oliveb!sun!gorodish!guy
From: guy@gorodish.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: su Security
Message-ID: <12766@sun.uucp>
Date: Thu, 5-Feb-87 14:40:47 EST
Article-I.D.: sun.12766
Posted: Thu Feb 5 14:40:47 1987
Date-Received: Sat, 7-Feb-87 15:47:16 EST
References: <4212@brl-adm.ARPA> <72@ritcv.UUCP>
Sender: news@sun.uucp
Reply-To: guy@sun.UUCP (Guy Harris)
Organization: Sun Microsystems, Mountain View
Lines: 26

>>"su" program is restricted to people who are listed in the /etc/group
>>file as being in the "0" group.
>
>Not quite, People of group 1(adm here, 0 is now default) are the only
>ones able to su to root.

Ron's right, you're wrong.  From the vanilla 4.3BSD "su.c":

    /*
     * Only allow those in group zero to su to root.
     */
    if (pwd->pw_uid == 0) {
        struct group *gr;
        int i;

        if ((gr = getgrgid(0)) != NULL) {
            for (i = 0; gr->gr_mem[i] != NULL; i++)
                if (strcmp(buf, gr->gr_mem[i]) == 0)
                    goto userok;
            fprintf(stderr, "You do not have permission to su %s\n", user);
            exit(1);
        }
    userok:
        setpriority(PRIO_PROCESS, 0, -2);
    }
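
The following is an added example, not part of the original post or of the 4.3BSD source: it restates the quoted check as a function so its three outcomes can be exercised, including the case where no gid 0 entry exists and the excerpt falls through to `userok`. The names `su_root_verdict`, `sample_g0` and `sample_empty` are hypothetical, the group data is constructed, and `login` is assumed to be the invoking user's login name (the excerpt compares a variable named `buf`).

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>

enum su_verdict { SU_DENY, SU_ALLOW, SU_ALLOW_NO_GROUP };

/*
 * Same decision as the quoted excerpt, as a function.  `gr` stands for the
 * result of getgrgid(0); passing it in lets the logic run without reading
 * the real /etc/group.
 */
enum su_verdict su_root_verdict(const struct group *gr, const char *login)
{
    int i;

    if (gr == NULL)                 /* no gid 0 entry: the check is skipped */
        return SU_ALLOW_NO_GROUP;
    for (i = 0; gr->gr_mem != NULL && gr->gr_mem[i] != NULL; i++)
        if (strcmp(login, gr->gr_mem[i]) == 0)
            return SU_ALLOW;        /* the excerpt's "goto userok" */
    return SU_DENY;                 /* also reached for an empty member list */
}

/* Constructed sample data; the group and member names are made up. */
static char g0_name[] = "g0";
static char m_root[] = "root", m_guy[] = "guy";
static char *g0_members[] = { m_root, m_guy, NULL };
static char *no_members[] = { NULL };
static struct group sample_g0 =
    { .gr_name = g0_name, .gr_gid = 0, .gr_mem = g0_members };
static struct group sample_empty =
    { .gr_name = g0_name, .gr_gid = 0, .gr_mem = no_members };

int main(void)
{
    static const char *label[] = { "deny", "allow", "allow (no group 0)" };

    printf("listed member:     %s\n", label[su_root_verdict(&sample_g0, "guy")]);
    printf("unlisted user:     %s\n", label[su_root_verdict(&sample_g0, "mallory")]);
    printf("empty member list: %s\n", label[su_root_verdict(&sample_empty, "guy")]);
    printf("group 0 missing:   %s\n", label[su_root_verdict(NULL, "mallory")]);
    return 0;
}
```

Only names in the member list of the gid 0 entry are matched, so the group file line for gid 0 is what an administrator audits to see who can pass this check.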