Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!gamiddleton
From: gamiddleton@watmath.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: 4.3BSD login - logging in as root
Message-ID: <6853@watmath.UUCP>
Date: Sat, 11-Apr-87 18:09:29 EST
Article-I.D.: watmath.6853
Posted: Sat Apr 11 18:09:29 1987
Date-Received: Sun, 12-Apr-87 01:23:56 EST
References: <437@bacchus.MIT.EDU>
Reply-To: gamiddleton@watmath.UUCP (Guy Middleton)
Distribution: world
Organization: University of Waterloo Institute for Computer Research
Lines: 20

In article <437@bacchus.MIT.EDU> rlk@athena.MIT.EDU writes:
> None that I can think of.  In addition, there's another reason why it
> should ask for the password.  If someone has the root password, and
> tries to log in on an unsecure tty, then login could detect that the
> correct password is being used and log a message indicating what
> happened.
> 
> Note that 4.3 also prevents su's to root from people not in group
> operator (or is it wheel?).  This prevents, say, someone logging in as
> a random and then su'ing.  Su should also log attempts by people not
> in the right group, for the same reason.

We didn't like the 4.3 behaviour, so we replaced with our own way of doing
things.  In our /etc/passwd file, the entry for root has a password of '*',
so one can never log in as root directly.  Instead, there is a file
/etc/super-users, which contains a list of users allowed to become root,
and a password for each.  /bin/su checks this file.  We got rid of the
group-wheel stuff; it was unnecessary.

 -Guy Middleton, University of Waterloo MFCF/ICR, gamiddleton@watmath