Allow a user in group 0 to su(1) to root if their primary

group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group.  This is more inline with
what the group manpage says.

PR:		6696
Submitted by:	Max Euston <meuston@jmrodgers.com>
This commit is contained in:
steve 1998-05-25 03:34:52 +00:00
parent d48f547f48
commit c746f4b3f9
2 changed files with 21 additions and 9 deletions

View File

@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)su.1 8.2 (Berkeley) 4/18/94
.\" $Id: su.1,v 1.3.2.5 1997/10/12 08:12:40 jmg Exp $
.\" $Id: su.1,v 1.12 1997/10/27 22:05:05 guido Exp $
.\"
.\" this is for hilit19's braindeadness: "
.Dd April 18, 1994
@ -152,13 +152,16 @@ option as understood by most shells. Note that
usually expects a single argument only; you have to quote it when
passing multiple words.
.Pp
Only users listed in group 0 (normally
Only users who are a member of group 0 (normally
.Dq wheel )
can
.Nm
to
.Dq root ,
unless this group is empty.
.Dq root .
\ If group 0 is missing or empty, any user can
.Nm
to
.Dq root .
.Pp
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to

View File

@ -42,7 +42,7 @@ static const char copyright[] =
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";
#endif
static const char rcsid[] =
"$Id: su.c,v 1.24 1997/10/27 22:05:12 guido Exp $";
"$Id: su.c,v 1.25 1997/10/28 21:20:21 guido Exp $";
#endif /* not lint */
#include <sys/param.h>
@ -113,6 +113,7 @@ main(argc, argv)
char *p, **g, *user, *shell=NULL, *username, **cleanenv, **nargv, **np;
struct group *gr;
uid_t ruid;
gid_t gid;
int asme, ch, asthem, fastlogin, prio, i;
enum { UNSET, YES, NO } iscsh = UNSET;
#ifdef LOGIN_CAP
@ -198,6 +199,7 @@ main(argc, argv)
if (pwd == NULL)
errx(1, "who are you?");
username = strdup(pwd->pw_name);
gid = pwd->pw_gid;
if (username == NULL)
err(1, NULL);
if (asme) {
@ -249,14 +251,21 @@ main(argc, argv)
}
#endif
{
/* only allow those in group zero to su to root. */
/*
* Only allow those with pw_gid==0 or those listed in
* group zero to su to root. If group zero entry is
* missing or empty, then allow anyone to su to root.
* iswheelsu will only be set if the user is EXPLICITLY
* listed in group zero.
*/
if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) &&
gr->gr_mem && *(gr->gr_mem))
for (g = gr->gr_mem;; ++g) {
if (!*g)
errx(1,
"you are not in the correct group to su %s.",
user);
if (gid == 0)
break;
else
errx(1, "you are not in the correct group to su %s.", user);
if (strcmp(username, *g) == 0) {
#ifdef WHEELSU
iswheelsu = 1;