Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!lll-lcc!pyramid!prls!mips!dce
From: dce@mips.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: 4.3BSD login - logging in as root
Message-ID: <280@quacky.mips.UUCP>
Date: Sun, 12-Apr-87 10:29:56 EST
Article-I.D.: quacky.280
Posted: Sun Apr 12 10:29:56 1987
Date-Received: Mon, 13-Apr-87 23:46:10 EST
References: <437@bacchus.MIT.EDU> <6853@watmath.UUCP>
Reply-To: dce@quacky.UUCP (David Elliott)
Distribution: world
Organization: MIPS Computer Systems, Sunnyvale, CA
Lines: 25

In article <6853@watmath.UUCP> gamiddleton@watmath.UUCP (Guy Middleton) writes:
>In article <437@bacchus.MIT.EDU> rlk@athena.MIT.EDU writes:
>>
>> Note that 4.3 also prevents su's to root from people not in group
>> operator (or is it wheel?). This prevents, say, someone logging in as
> description of a files of people that can su...
>and a password for each. /bin/su checks this file. We got rid of the
>group-wheel stuff; it was unnecessary.

I didn't like the idea of forcing people to be in group wheel, either,
though for a commercial product to go against the base release is a
bad idea.

A pretty clean solution is to change the check to be

	if (getegid() != 0 && {user not in group wheel}) {
		{disallow}
	}

and allow su to be setgid wheel. This way, system administrators can
choose whether the check is made for themselves just by using chmod.

-- 
David Elliott		{decvax,ucbvax,ihnp4}!decwrl!mips!dce
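
The check proposed in the post above, written out in C as an added example that is not part of the original article and not code from any su implementation. It assumes wheel is gid 0; the function names and the SAMPLE_WHEEL member list are hypothetical and constructed for illustration.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define WHEEL_GID 0	/* assumption: group wheel has gid 0 */

/* Constructed sample of the wheel line's member list (gr_mem layout). */
char *const SAMPLE_WHEEL[] = { "alice", "bob", NULL };

/* Return 1 if user appears in a NULL-terminated member list. */
static int in_member_list(const char *user, char *const *members)
{
	if (members == NULL)	/* no wheel group found: nobody is a member */
		return 0;
	for (; *members != NULL; members++)
		if (strcmp(*members, user) == 0)
			return 1;
	return 0;
}

/*
 * The post's condition as a pure function: disallow only when the
 * effective gid is not wheel AND the user is not listed in wheel.
 * A setgid-wheel su therefore skips the membership test entirely.
 * Returns 1 to allow, 0 to disallow.
 */
int su_wheel_allowed(gid_t egid, const char *user, char *const *members)
{
	if (egid != WHEEL_GID && !in_member_list(user, members))
		return 0;
	return 1;
}

/* Same check against the live process and group database. gr_mem holds
 * only users named on the group line, not users whose primary gid is 0. */
int su_wheel_allowed_now(const char *user)
{
	struct group *gr = getgrgid(WHEEL_GID);
	return su_wheel_allowed(getegid(), user, gr ? gr->gr_mem : NULL);
}

int main(int argc, char **argv)
{
	const char *user = argc > 1 ? argv[1] : "carol";
	printf("sample list, egid 100: %d\n", su_wheel_allowed(100, user, SAMPLE_WHEEL));
	printf("sample list, egid 0:   %d\n", su_wheel_allowed(0, user, SAMPLE_WHEEL));
	printf("this system:           %d\n", su_wheel_allowed_now(user));
	return 0;
}
```

When auditing a system built this way, the setgid bit and group owner on the su binary show whether the membership test is in force: with the binary setgid wheel, the effective gid is 0 and every caller passes this particular check.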