Subject: Re: su(1) group wheel restriction
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Luke Mewburn <lukem@connect.com.au>
List: tech-userlevel
Date: 01/10/1997 11:28:50

Jason Thorpe writes:
> On Thu, 9 Jan 1997 09:53:14 -0500 
>  Greg Hudson <ghudson@mit.edu> wrote:
> 
>  > 	* Create a new file in /etc (/etc/su.conf, whatever) which
>  > 	  controls who can su to root.  If it doesn't exist, fall back
>  > 	  to the old check.  If it does exist, it's, say, a list of
>  > 	  usernames, one per line, with the username "*" matching all
>  > 	  users.
>  > 
>  > Comments?
> 
> I like this... (BTW, I'd also like it to support netgroups, too... like,
> @super-users, for example...)  I'd also like the ability for /etc/su.conf
> to come in the form of a YP map (activated with a "+" entry in the
> Real File).

[Warning: thread diversion alert!]

If this is done, I hope we don't use that crufty old '+' syntax. It
should only be used for passwd/group compat reasons...

If you want data to be sourced from files, yp, dns, whatever, then we
should just use the nsswitch(*) library I've written.  All you'd do
is add an entry to /etc/nsswitch.conf of the form:
	su:  yp files

Note that if the 'su' entry is nonexistent, nsswitch will default to
files.

That's the advantage of writing a generic nsdispatch() function. You
can write clients for anything you like... :-)

Luke.

(*) Before you ask: I'm waiting on some modifications to come back
    from J.T. before I merge nsswitch into the mainline libc...
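
The file-based check Greg Hudson proposes in the quoted text (one username per line, "*" matching everyone, fall back to the old check when the file is absent), sketched in C as an added example; it is not code from this thread or from NetBSD's su(1). The names `su_verdict`, `su_conf_scan` and `su_conf_check` are hypothetical, netgroup (`@`) entries and YP/nsswitch sourcing are not handled, and denying on any open error other than a missing file is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts; the thread defines no API for this check. */
enum su_verdict { SU_DENY, SU_ALLOW, SU_FALLBACK };

/* Scan an open su.conf-style stream: one username per line, "*" matches all. */
enum su_verdict
su_conf_scan(FILE *fp, const char *user)
{
	char line[256];

	while (fgets(line, sizeof(line), fp) != NULL) {
		size_t len = strcspn(line, "\n");

		if (line[len] != '\n' && !feof(fp)) {
			/* Overlong line: skip to its end so neither the
			 * truncated prefix nor the tail can match a name. */
			int c;
			while ((c = getc(fp)) != EOF && c != '\n')
				continue;
			continue;
		}
		/* Drop the newline and trailing blanks; ignore empty lines. */
		while (len > 0 && (line[len - 1] == ' ' || line[len - 1] == '\t'))
			len--;
		line[len] = '\0';
		if (len == 0)
			continue;
		if (strcmp(line, "*") == 0 || strcmp(line, user) == 0)
			return SU_ALLOW;
	}
	return SU_DENY;		/* file exists but does not list the user */
}

/* Missing file: caller applies the old wheel check. Other errors deny (assumption). */
enum su_verdict
su_conf_check(const char *path, const char *user)
{
	FILE *fp = fopen(path, "r");
	enum su_verdict verdict;

	if (fp == NULL)
		return errno == ENOENT ? SU_FALLBACK : SU_DENY;
	verdict = su_conf_scan(fp, user);
	fclose(fp);
	return verdict;
}
```

An existing but empty file yields `SU_DENY` for everyone, which is a different outcome from a missing file; only the latter returns `SU_FALLBACK`.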