Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!husc6!bacchus!rlk
From: rlk@bacchus.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: 4.3BSD login - logging in as root
Message-ID: <437@bacchus.MIT.EDU>
Date: Fri, 10-Apr-87 16:24:57 EST
Article-I.D.: bacchus.437
Posted: Fri Apr 10 16:24:57 1987
Date-Received: Sat, 11-Apr-87 19:18:26 EST
Sender: daemon@bacchus.MIT.EDU
Reply-To: rlk@athena.MIT.EDU
Distribution: world
Organization: MIT Project Athena
Lines: 19

In article <274@quacky.mips.UUCP> dce@quacky.UUCP (David Elliott) writes:

[Discussion of logging in as root on an unsecure tty].

]Is there a good reason that login shouldn't go ahead and prompt for a
]password in this case just for the sake of consistency?

None that I can think of.  In addition, there's another reason why it
should ask for the password.  If someone has the root password, and
tries to log in on an unsecure tty, then login could detect that the
correct password is being used and log a message indicating what
happened.

Note that 4.3 also prevents su's to root from people not in group
operator (or is it wheel?).  This prevents, say, someone logging in as
a random and then su'ing.  Su should also log attempts by people not
in the right group, for the same reason.

Robert^Z