Re: GNU su and the wheel group

[David Kastrup]

<telford@xenon.triode.net.au> writes:

> Sam Holden <sholden@flexal.cs.usyd.edu.au> wrote:
>> On Mon, 04 Oct 2004 23:25:49 -0400, Paul Jarc <prj@po.cwru.edu> wrote:
>>><telford@xenon.triode.net.au> wrote:
>>>> [root]# ls -l /bin/su
>>>> -rwsr-x---    1 root     wheel       94625 Oct 12  2003 /bin/su
>>>>
>>>> Now only members of the wheel group can run su... how exciting!
>>>
>>> And I would say that this itself makes a better argument against
>>> having code in su to check for the wheel group.  Less code to verify
>>> is good, especially in such a security-sensitive program.
>
>> What about the poor souls who want to su from one user account to
>> another?
>
> How realistic is this?

Very realistic.  It is very common that one user asks another "I am
having this and that problem, it does not work here" and then the
other user comes over, uses su in an xterm to get into his own
account, picks the necessary information, does a copy&paste job or
whatever else, and logs out again.

For this kind of one user helping out another, su is very common.  And
I think it is prohibiting _this_ sort of cooperation is what the
"fascist" label is about.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum