su & wheel group note (Was: Re: [Nottingham] suid / sgid file params
puzzle ... or a bug?)
Martin
martin at ml1.co.uk
Sun May 30 00:30:05 BST 2004
Martin wrote:
[...]
> The script is run from localrc at startup and hence is root at the
> point. The "su" is obviously needed here.
From the "info coreutils su" page:
###
Why GNU `su' does not support the `wheel' group
-----------------------------------------------
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the
rest. For example, in 1984, a few users at the MIT AI lab decided to
seize power by changing the operator password on the Twenex system and
keeping it secret from everyone else. (I was able to thwart this coup
and give power back to the users by patching the kernel, but I wouldn't
know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual `su'
mechanism, once someone learns the root password who sympathizes with
the ordinary users, he or she can tell the rest. The "wheel group"
feature would make this impossible, and thus cement the power of the
rulers.
I'm on the side of the masses, not that of the rulers. If you are used
to supporting the bosses and sysadmins in whatever they do, you might
find this idea strange at first.
###
Phew!
History in action. Better make sure your root password is good.
(:-))
Martin
--
----------------
Martin Lomas
martin at ml1.co.uk
----------------
More information about the Nottingham
mailing list