Subject: Re: su(1) group wheel restriction
To: None <ghudson@mit.edu>
From: Mike Long <mike.long@analog.com>
List: tech-userlevel
Date: 01/09/1997 11:34:39
>Date: Thu, 9 Jan 1997 09:53:14 -0500
>From: Greg Hudson <ghudson@mit.edu>

>It seems poor to me that the only way to configure a machine to allow
>arbitrary users to su to root is to give up having a name for group 0.
>Assuming we want to solve this problem, there are two solutions I can
>come up with:
>
>	* Allow anyone to su to root if gid 0 exists and has no
>	  members.  Since NetBSD ships with root explicitly belonging
>	  to group wheel, the default behavior will not change.

I prefer this solution.

>	  This is the most minimal change, but you could still imagine
>	  it screwing over some systems which happen to have empty
>	  group wheels (for whatever reason) and don't realize that in
>	  the new version of NetBSD, anyone can su to root.

I think the usual notification of current-users should be sufficient.
The change should also be documented in doc/CHANGES and the notes for
the next release.
-- 
Mike Long <mike.long@analog.com>     <URL:http://www.shore.net/~mikel>
VLSI Design Engineer         finger mikel@shore.net for PGP public key
Analog Devices, CPD Division          CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA       (eq (opinion 'ADI) (opinion 'mike)) -> nil
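
An added example, not part of the original message or of NetBSD's su(1): an audit check for the case raised above, a host whose gid 0 group exists but lists no members, where the first proposal would open su to root to every user. The function names and the sample group files are constructed for illustration, and the "current" rule is modelled only as the thread describes it (explicit member list of group 0).

```python
# Added example: compare the su-to-root rule described in the thread with the
# proposed one, for a given group(5)-format file (name:passwd:gid:members).

def gid0_members(group_text):
    """Return None if no entry has gid 0, else the set of members listed
    across all gid-0 entries (an empty set means an empty wheel group)."""
    found, members = False, set()
    for raw in group_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        try:
            if len(fields) < 3 or int(fields[2]) != 0:
                continue
        except ValueError:          # non-numeric gid field: skip the line
            continue
        found = True
        listed = fields[3] if len(fields) > 3 else ""
        members.update(m.strip() for m in listed.split(",") if m.strip())
    return members if found else None

def open_to_all(members, proposed):
    """Current rule: open only when no group has gid 0.
    Proposed rule: also open when the gid 0 group has no members."""
    return members is None or (proposed and not members)

def may_su(user, members, proposed):
    return open_to_all(members, proposed) or user in members

def audit(group_text):
    """Classify a host by whether the proposed rule changes its behaviour."""
    members = gid0_members(group_text)
    if open_to_all(members, False) != open_to_all(members, True):
        return "CHANGED: gid 0 group is empty, su to root opens to all users"
    if open_to_all(members, True):
        return "unchanged: open to all"
    return "unchanged: members only"

# Constructed sample group files.
SHIPPED = "wheel:*:0:root\ndaemon:*:1:daemon\n"
EMPTY_WHEEL = "# local edits\nwheel:*:0:\nstaff:*:20:root\n"
NO_GID0 = "daemon:*:1:daemon\nstaff:*:20:root\n"

if __name__ == "__main__":
    for name, text in [("shipped", SHIPPED), ("empty wheel", EMPTY_WHEEL),
                       ("no gid 0", NO_GID0)]:
        print(f"{name}: {audit(text)}")
```

Running `audit` over the real /etc/group before upgrading shows whether a host falls into the empty-wheel case.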