Subject: SU_INDIRECT_GROUP
To: None <tech-security@netbsd.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-security
Date: 01/15/2001 09:26:52
On Wed, 10 Jan 2001, Simon J. Gerraty wrote:
> If SU_INDIRECT_GROUP is defined (it is by default), then su will
> consider that SUGROUP and ROOTAUTH group contain the names of
> users and groups.  If user is not found in the list check_ingroup()
> recurses on each member until either user is found or end of chain
> is reached.

In addition to the comments others have made about why this should
default to being disabled, I have a comment about the lookup
algorithm.

Many sites have a separate group for each user, and use the same
spelling for both the user name and the group name.  If one of these
user/group names appears in the wheel group, then I think that su
should treat it as a user name, not as a group name to be recursed
into.

--apb (Alan Barrett)
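
The lookup discussed in this message, as an added example that is not part of the original post and is not NetBSD's su source: it models the recursion with and without the user-name-first rule proposed above. The in-memory tables, `in_group()`, `user_first` and `MAX_DEPTH` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for the passwd and group databases. */
struct group_ent { const char *name; const char *members[4]; };
static const char *users[] = { "alice", "bob", "carol", NULL };
static const struct group_ent groups[] = {
    { "wheel",  { "alice", "admins", NULL } },
    { "admins", { "bob", "wheel", NULL } },    /* nested group, cycles back */
    { "alice",  { "alice", "carol", NULL } },  /* per-user group, same spelling */
    { NULL,     { NULL } }
};
#define MAX_DEPTH 8  /* assumption: bounds nesting so cycles terminate */

static int is_user(const char *name)
{
    for (size_t i = 0; users[i] != NULL; i++)
        if (strcmp(users[i], name) == 0) return 1;
    return 0;
}

static const struct group_ent *find_group(const char *name)
{
    for (size_t i = 0; groups[i].name != NULL; i++)
        if (strcmp(groups[i].name, name) == 0) return &groups[i];
    return NULL;
}

/* Returns 1 if user is a direct or indirect member of group.
 * user_first != 0: a member that names an existing user is never
 * recursed into as a group (the rule proposed in the message). */
int in_group(const char *user, const char *group, int user_first, int depth)
{
    const struct group_ent *g = find_group(group);
    if (g == NULL || depth > MAX_DEPTH) return 0;
    for (size_t i = 0; g->members[i] != NULL; i++)   /* direct match first */
        if (strcmp(g->members[i], user) == 0) return 1;
    for (size_t i = 0; g->members[i] != NULL; i++) { /* then indirect */
        if (user_first && is_user(g->members[i])) continue;
        if (in_group(user, g->members[i], user_first, depth + 1)) return 1;
    }
    return 0;
}

int main(void)
{
    printf("carol via group alice: %d\n", in_group("carol", "wheel", 0, 0));
    printf("carol, user-first:     %d\n", in_group("carol", "wheel", 1, 0));
    return 0;
}
```

With the sample data, carol is only a member of alice's per-user group, yet the plain recursion grants her wheel membership because "alice" is listed in wheel.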