To: None <>
From: Alan Barrett <>
List: tech-security
Date: 01/15/2001 09:26:52
On Wed, 10 Jan 2001, Simon J. Gerraty wrote:
> If SU_INDIRECT_GROUP is defined (it is by default), then su will
> consider that SUGROUP and ROOTAUTH group contain the names of
> users and groups. If user is not found in the list check_ingroup()
> recurses on each member until either user is found or end of chain
> is reached.
In addition to the comments others have made about why this should
default to being disabled, I have a comment about the lookup
Many sites have a separate group for each user, and use the same
spelling for both the user name and the group name. If one of these
user/group names appears in the wheel group, then I think that su
should treat it as a user name, not as a group name to be recursed
--apb (Alan Barrett)