su & wheel group note (Was: Re: [Nottingham] suid / sgid file params puzzle ... or a bug?)

Martin martin at ml1.co.uk
Sun May 30 00:30:05 BST 2004


Martin wrote:
[...]
> The script is run from localrc at startup and hence is root at the 
> point. The "su" is obviously needed here.

 From the "info coreutils su" page:

###
Why GNU `su' does not support the `wheel' group
-----------------------------------------------


  (This section is by Richard Stallman.)



  Sometimes a few of the users try to hold total power over all the 
rest. For example, in 1984, a few users at the MIT AI lab decided to 
seize power by changing the operator password on the Twenex system and 
keeping it secret from everyone else. (I was able to thwart this coup 
and give power back to the users by patching the kernel, but I wouldn't 
know how to do that in Unix.)


However, occasionally the rulers do tell someone. Under the usual `su' 
mechanism, once someone learns the root password who sympathizes with 
the ordinary users, he or she can tell the rest. The "wheel group" 
feature would make this impossible, and thus cement the power of the 
rulers.


I'm on the side of the masses, not that of the rulers. If you are used 
to supporting the bosses and sysadmins in whatever they do, you might 
find this idea strange at first.
###


Phew!

History in action. Better make sure your root password is good.

(:-))
Martin

-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------




More information about the Nottingham mailing list