Allow a user in group 0 to su(1) to root if their primary

group is 0 in /etc/passwd even if they aren't listed as a member in /etc/group. This is more inline with what the group manpage says. PR: 6696 Submitted by: Max Euston <meuston@jmrodgers.com>
1998-05-25 03:34:52 +00:00 · 1998-05-25 03:34:52 +00:00 · c746f4b3f9
commit c746f4b3f9
parent d48f547f48
2 changed files with 21 additions and 9 deletions
--- a/usr.bin/su/su.1
+++ b/usr.bin/su/su.1
@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"	@(#)su.1	8.2 (Berkeley) 4/18/94
-.\"	$Id: su.1,v 1.3.2.5 1997/10/12 08:12:40 jmg Exp $
+.\"	$Id: su.1,v 1.12 1997/10/27 22:05:05 guido Exp $
 .\"
 .\" this is for hilit19's braindeadness: "
 .Dd April 18, 1994
@ -152,13 +152,16 @@ option as understood by most shells.  Note that
 usually expects a single argument only; you have to quote it when
 passing multiple words.
 .Pp
-Only users listed in group 0 (normally
+Only users who are a member of group 0 (normally
 .Dq wheel )
 can
 .Nm
 to
-.Dq root ,
-unless this group is empty.
+.Dq root .
+\ If group 0 is missing or empty, any user can
+.Nm
+to
+.Dq root .
 .Pp
 By default (unless the prompt is reset by a startup file) the super-user
 prompt is set to
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)su.c	8.3 (Berkeley) 4/2/94";
 #endif
 static const char rcsid[] =
-	"$Id: su.c,v 1.24 1997/10/27 22:05:12 guido Exp $";
+	"$Id: su.c,v 1.25 1997/10/28 21:20:21 guido Exp $";
 #endif /* not lint */

 #include <sys/param.h>
@ -113,6 +113,7 @@ main(argc, argv)
 	char *p, **g, *user, *shell=NULL, *username, **cleanenv, **nargv, **np;
 	struct group *gr;
 	uid_t ruid;
+	gid_t gid;
 	int asme, ch, asthem, fastlogin, prio, i;
 	enum { UNSET, YES, NO } iscsh = UNSET;
 #ifdef LOGIN_CAP
@ -198,6 +199,7 @@ main(argc, argv)
 	if (pwd == NULL)
 		errx(1, "who are you?");
 	username = strdup(pwd->pw_name);
+	gid = pwd->pw_gid;
 	if (username == NULL)
 		err(1, NULL);
 	if (asme) {
@ -249,14 +251,21 @@ main(argc, argv)
 		}
 #endif
 		{
-			/* only allow those in group zero to su to root. */
+			/*
+			 * Only allow those with pw_gid==0 or those listed in
+			 * group zero to su to root.  If group zero entry is
+			 * missing or empty, then allow anyone to su to root.
+			 * iswheelsu will only be set if the user is EXPLICITLY
+			 * listed in group zero.
+			 */
 			if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) &&
 			    gr->gr_mem && *(gr->gr_mem))
 				for (g = gr->gr_mem;; ++g) {
 					if (!*g)
-						errx(1,
-			    "you are not in the correct group to su %s.",
-						    user);
+						if (gid == 0)
+							break;
+						else
+							errx(1, "you are not in the correct group to su %s.", user);
 					if (strcmp(username, *g) == 0) {
 #ifdef WHEELSU
 						iswheelsu = 1;