Subject: su
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Open Carefully -- Contents Under Pressure <greywolf@autodesk.com>
List: current-users
Date: 07/28/1994 09:47:13

Okay, I *know* BSD != SunOS, but I think that Sun had a Good Idea (TM)
when they wrote the "su" code as follows:

- You cannot become super-user unless you are in group 0. (BSD has already
  done this, obviously.)
- The exception to this rule is if the group list for group 0 is empty.
  (SunOS did this).

I can see pros and cons for this, and I see the flame-throwers on already,
but for ease of operation, I don't view it as a bad idea.

If anyone disagrees, feel free to verbalise, but I would implore that
the approach of "Are you {stupid,a moron,a total idiot}? The reasoning
is obvious!" not be used in this instance, because the mechanism seems
to me to be worth implementing. The reversal to standard BSD behaviour
would be to stick only root in group 0.

As an alternative to the above, there should be some way to un-restrict
super-user access without including everyone in the world in the group
list, should it become necessary (large bases of non-technical or
non-system-interested users, such as the organization for which I work,
come to mind -- when I need to grab a window from the closest available
machine in an emergency, I don't really want to have to su to me first).
I've gotten spoiled, I guess.

I could implement this in my own sources but I guess that kind of misses
the point.

Comments? Agreement? Dissent?

[ DISCLAIMER: I'm no kernel wizard, but I'm no joe q. luser, either ]
--
_______Wizardry is dead._____ _____WHO: Greywolf (my nameplate even says so)
/ ___\ _ \ __\ V / \ / /__ \| | __/WHAT: UNIX System Mangler...er, Admin
\ \| | < _| ` ' \ '` / \/ /|_| _/ WHERE: Autodesk, Inc. 3 Harbor Dr.
\___|_|\_\__\|_| \/\/ \__/___/_| Sausalito, CA 94965 (415) 332-2344 x4219
see also: gandalf@netcom.com
------------------------------------------------------------------------------
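
The group-0 rule described in the message above, as an added example that is not part of the original post and not taken from any su source: it compares the strict check with the empty-list exception over three constructed group entries. The function name `su_root_allowed`, the policy names, and the users `alice` and `bob` are assumptions made for illustration, and only the group's member list is consulted.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy names for this example. */
enum su_policy { SU_STRICT, SU_EMPTY_LIST_OPEN };

/* Constructed group-0 entries, shaped as getgrgid(0) would return them. */
static char n_wheel[] = "wheel", n_root[] = "root", n_alice[] = "alice";
static char *m_empty[] = { NULL };
static char *m_root[] = { n_root, NULL };
static char *m_admins[] = { n_root, n_alice, NULL };
static struct group wheel_empty = { .gr_name = n_wheel, .gr_gid = 0, .gr_mem = m_empty };
static struct group wheel_root_only = { .gr_name = n_wheel, .gr_gid = 0, .gr_mem = m_root };
static struct group wheel_admins = { .gr_name = n_wheel, .gr_gid = 0, .gr_mem = m_admins };

/* Return 1 if a non-root `user` may go on to the password prompt for root.
 * Only the member list is consulted; `gr` must be non-NULL. */
int su_root_allowed(const struct group *gr, const char *user, enum su_policy policy)
{
    char **m = gr->gr_mem;

    /* Empty member list: open to everyone only under the exception. */
    if (m == NULL || *m == NULL)
        return policy == SU_EMPTY_LIST_OPEN;
    for (; *m != NULL; ++m)
        if (strcmp(*m, user) == 0)
            return 1;
    return 0;   /* list is populated and user is not on it */
}

int main(void)
{
    const struct group *cases[] = { &wheel_empty, &wheel_root_only, &wheel_admins };
    const char *label[] = { "wheel:*:0:", "wheel:*:0:root", "wheel:*:0:root,alice" };
    const char *users[] = { "alice", "bob" };

    for (int i = 0; i < 3; i++)
        for (int u = 0; u < 2; u++)
            printf("%-22s %-6s strict=%d empty-open=%d\n", label[i], users[u],
                   su_root_allowed(cases[i], users[u], SU_STRICT),
                   su_root_allowed(cases[i], users[u], SU_EMPTY_LIST_OPEN));
    return 0;
}
```

The `wheel:*:0:root` rows show the reversal mentioned in the message: once root alone is listed, both policies give the same answer for every other user.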