su Security
guy at gorodish.UUCP
guy at gorodish.UUCP
Fri Feb 6 05:40:47 AEST 1987
>>"su" program is restricted to people who are listed in the /etc/group
>>file as being in the "0" group.
>
>Not quite, People of group 1(adm here, 0 is now default) are the only
>ones able to su to root.
Ron's right, you're wrong. From the vanilla 4.3BSD "su.c":
/*
* Only allow those in group zero to su to root.
*/
if (pwd->pw_uid == 0) {
struct group *gr;
int i;
if ((gr = getgrgid(0)) != NULL) {
for (i = 0; gr->gr_mem[i] != NULL; i++)
if (strcmp(buf, gr->gr_mem[i]) == 0)
goto userok;
fprintf(stderr, "You do not have permission to su %s\n",
user);
exit(1);
}
userok:
setpriority(PRIO_PROCESS, 0, -2);
}
More information about the Comp.unix.wizards
mailing list