netbsd-help: Re: Linux vs NetBSD su

Subject: Re: Linux vs NetBSD su
To: None <netbsd-help@NetBSD.ORG>
From: Josh Lynch <tyme@visi.com>
List: netbsd-help
Date: 03/11/1997 23:18:19
At 08:45 PM 3/11/97 -0800, you wrote:
>From: blymn@awadi.com.au (Brett Lymn)
>>According to Nathan Gelbard:
>[line breaks adjusted]
>>>---
>>>This program does not support a "wheel group" that restricts who can su to
>>>super-users accounts, because that can help fasciest system admins hold
>>>unwarranted power of other users.
>>>---
>>Ahhhh riiight - what they mean is "I just shoulder surfed the r00t
>>password so I should be able to use it".
>>
>>If you are supposed to be able to su to root then you will be in the
>>wheel group - end of story IMHO.
>
>Actually, that is not what "they" mean.  The following is from the manual
>page for GNU `su`:
>
>[begin extract]
>Why GNU su does not support the wheel group (by Richard Stallman):
>
>     Sometimes a few of the users try to hold  total  power  over
>     all  the rest.  For example, in 1984, a few users at the MIT
>     AI lab decided to seize power by changing the operator pass-
>     word  on the Twenex system and keeping it secret from every-
>     one else.  (I was able to thwart this coup  and  give  power
>     back  to  the  users  by patching the kernel, but I wouldn't
>     know how to do that in Unix.)
>
>     However, occasionally the rulers do tell someone.  Under the
>     usual  su  mechanism,  once someone learns the root password
>     who sympathizes with the ordinary users,  he  can  tell  the
>     rest.  The "wheel group" feature would make this impossible,
>     and thus cement the power of the rulers.
>
>     I'm on the side of the masses, not that of the  rulers.   If
>     you are used to supporting the bosses and sysadmins in what-
>     ever they do, you might find this idea strange at first.
>[end extract]
>
>Given the numbers of cracker filth on the Net these days I think the
>wheel group restriction is more a benefit to the users than not, but
>I can sympathize with Stallman's position.
>
>Max
>
>
Hmm, I can "see" where Stallman's posistion would be good....in a place
where everyone is honest, but, come on does anyone really know where that
place is? 
Sysadmins holding faciest power over their users??! Last time I checked,
that was in the job description, to take care of the system(s)! And that
definately includes keeping the root passwd and account as private as
possible...anyway..


______________
Josh         |
tyme@visi.com|
--------------
"Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us" -- Calvin, Calvin &
Hobbes