Subject: Re: su(1) group wheel restriction
To: None <email@example.com>
From: Mike Long <firstname.lastname@example.org>
Date: 01/09/1997 11:34:39
>Date: Thu, 9 Jan 1997 09:53:14 -0500
>From: Greg Hudson <email@example.com>
>It seems poor to me that the only way to configure a machine to allow
>arbitrary users to su to root is to give up having a name for group 0.
>Assuming we want to solve this problem, there are two solutions I can
>come up with:
> * Allow anyone to su to root if gid 0 exists and has no
> members. Since NetBSD ships with root explicitly belonging
> to group wheel, the default behavior will not change.
I prefer this solution.
> This is the most minimal change, but you could still imagine
> it screwing over some systems which happen to have empty
> group wheels (for whatever reason) and don't realize that in
> the new version of NetBSD, anyone can su to root.
I think the usual notification of current-users should be sufficient.
The change should also be documented in doc/CHANGES and the notes for
the next release.
Mike Long <firstname.lastname@example.org> <URL:http://www.shore.net/~mikel>
VLSI Design Engineer finger email@example.com for PGP public key
Analog Devices, CPD Division CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA (eq (opinion 'ADI) (opinion 'mike)) -> nil