cendres at videotron.ca
Sun Jan 11 13:06:38 PST 2004
On January 11, 2004 07:26 am, Miguel Bazdresch wrote:
> * Robert Connolly <cendres at videotron.ca> [04-0111 12:19]:
> > On January 10, 2004 04:54 pm, Amanda Lynn Rossmiller wrote:
> > > > > what's the matter with su?
> > > >
> > > > Why should everyone have equal access to su? selinux/rsbac fixes this
> > > > though.
> > >
> > > you mean anyone can su?
> > > i haven't tried it in linux,
> > > in openbsd (i just recently migrated)
> > > only users in group wheel could su,
> > > i thought it would be the same in linux...
> > Stallman of Gnu has political reasons for allowing all users to use
> > su.
> Do you have a pointer? I'm interested.
In coreutils, su.c
"This program intentionally does not support a "wheel group" that restricts
who can su to UID 0 accounts. RMS considers that to be fascist."
There is more to this story but I forget where I read it.
> > There are patches to break it.
> su has many valid and/or useful uses. What is it exactly that those
> patches "break"? I don't want to "break" su without good reason.
The group wheel patch would break Stallman's philosophy. It was stated before
though, that su could be only executable by group root (chmod o-rx), and su
would be only usable by group root.
More information about the hlfs-dev