Subject: More on the su(1) group wheel restriction
To: None <tech-userlevel@NetBSD.ORG>
From: Greg Hudson <ghudson@MIT.EDU>
List: tech-userlevel
Date: 01/30/1997 03:02:12
So, there wasn't a great deal of consensus when I asked about how to
allow a system to relax the group wheel restriction without removing
group wheel entirely.  However, the majority (though not the vast
majority) of developers seemed to favor allowing people to su if group
wheel exists but has no members in /etc/group.

Note that:

	* If you don't want to allow anyone to su, you can just have
	  "root" in group wheel.

	* The system ships with root in group wheel, so this change
	  would only affect existing systems if they happened to have
	  emptied the membership of group wheel for some reason.

Jason seemed to like the /etc/su.conf approach, but he appeared to be
virtually alone in that regard.  Curt was unhappy that removing the
members of group wheel isn't a very explicit way of lowering the
security of your system, but the old way (removing group wheel
entirely) isn't any better, so I don't think this change would make
matters worse.

If anyone (particularly people from "core") objects to my checking in
the following patch, please let me know soon.  Thanks.

*** su.c	1997/01/30 02:39:37	1.1
--- su.c	1997/01/30 02:42:16	1.2
*** 155,161 ****
  		/* only allow those in group zero to su to root. */
! 		if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
  			for (g = gr->gr_mem;; ++g) {
  				if (!*g) {
--- 155,162 ----
  		/* only allow those in group zero to su to root. */
! 		if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) &&
! 		    *gr->gr_mem) {
  			for (g = gr->gr_mem;; ++g) {
  				if (!*g) {
*** 165,170 ****
--- 166,172 ----
  				if (!strcmp(username, *g))
+ 			}
  		/* if target requires a password, verify it */
  		if (*pwd->pw_passwd) {