Subject: Re: su(1) group wheel restriction
To: None <firstname.lastname@example.org>
From: Hacksaw <email@example.com>
Date: 01/10/1997 09:45:45
>> The former doesn't give that user write access to wheel owned files
>> and directories.
>Huh? Those users can su, so they can do anything to your system anyway,
>including write to wheel owned files. OK, they'd have to su first, which
>they don't need in the other case, but they'd even be able to remove any
>traces of this in most cases if they really wanted.
This isn't so much a matter of high security as it is stupidity
prevention. How many times have you su'ed, and then when you were done
with whatever task you were working on, went and read your mail and
news, and edited a few files?
The next day you try to edit those files or read mail, only to
discover that root owns those files, because that's who you were when
you were using them last.
More worrisome is when you wander about trying things, leaving a trail
of root owned files in your wake, because nothing is preventing you.