hlfs team

Miguel Bazdresch lfs-01 at thewizardstower.org
Sun Jan 11 15:48:56 PST 2004


* Robert Connolly <cendres at videotron.ca> [04-0112 00:24]:
> On January 11, 2004 07:26 am, Miguel Bazdresch wrote:
> > * Robert Connolly <cendres at videotron.ca> [04-0111 12:19]:

> > > Stallman of Gnu has political reasons for allowing all users to use
> > > su.
> >
> > Do you have a pointer? I'm interested.
> 
> In coreutils, su.c
> "This program intentionally does not support a "wheel group" that restricts 
> who can su to UID 0 accounts. RMS considers that to be fascist."
> There is more to this story but I forget where I read it.

Thanks.

There's a difference between "allowing all users to use su" and
limiting the use of su to UID 0 accounts. In my system some users can
use su, but only one can su to root. su has many uses besides becoming
root.

> > > There are patches to break it.
> >
> > su has many valid and/or useful uses. What is it exactly that those
> > patches "break"? I don't want to "break" su without good reason.
> 
> The group wheel patch would break Stallman's philosophy. It was stated before 
> though, that su could be only executable by group root (chmod o-rx), and su 
> would be only usable by group root.

That's fine. The /etc/suauth file is interesting too. What I still
don't understand is the need for a patch given that we have permissions
and the suauth file to play with.

-- 
Miguel Bazdresch
http://thewizardstower.org/



More information about the hlfs-dev mailing list