Subject: su(1) group wheel restriction
To: None <tech-userlevel@NetBSD.ORG>
From: Greg Hudson <>
List: tech-userlevel
Date: 01/09/1997 09:53:14
So, one of the long-standing problems we've had with NetBSD at MIT is
that in general, we'd like anyone who knows the root password of a
machine to be able to su to root.  su(1) lets anyone su to root only
if getgrent(0) fails.  (Looking at the man page, it's not totally
clear to me that this is really "supported" behavior, but it's what
the code does.)

It seems poor to me that the only way to configure a machine to allow
arbitrary users to su to root is to give up having a name for group 0.
Assuming we want to solve this problem, there are two solutions I can
come up with:

	* Allow anyone to su to root if gid 0 exists and has no
	  members.  Since NetBSD ships with root explicitly belonging
	  to group wheel, the default behavior will not change.

	  This is the most minimal change, but you could still imagine
	  it screwing over some systems which happen to have empty
	  group wheels (for whatever reason) and don't realize that in
	  the new version of NetBSD, anyone can su to root.

	* Create a new file in /etc (/etc/su.conf, whatever) which
	  controls who can su to root.  If it doesn't exist, fall back
	  to the old check.  If it does exist, it's, say, a list of
	  usernames, one per line, with the username "*" matching all