
Re: Where is old "info su" which had RMS comment ??



> And there lies the center of my annoyance: We don't have a wheel group or
> anything like it today because of a bad call which seemed good at the
> time, more than a decade ago.  Whether or not it would enhance security at
> all is not even in question.  Only the historical tradition that it has
> not been there for so long seems to argue against it.  Might not matter so
> much on my single-user system behind a firewall, but it sure matters on
> the ISP shell server with hundreds of users..

What the fuck are you smoking? We don't use the su from sh-utils. We use
the one from shadow utils. It does (did) have internal support for
wheel, but now we use pam_wheel. We've always had this as long as I can
remember. Even before pam_wheel we used shadow's internal support for a
wheel group (SU_WHEEL_ONLY in /etc/login.defs).

Your annoyance is misplaced.

Not only that, RMS didn't want a "less" secure system. What he wanted
was to be able to use the root password, if he was able to get it. The
wheel group was not really designed to thwart that. Its intention was
to keep people from brute forcing su. If you are not allowed to su (IOW,
not in the wheel group), then you don't even get a password prompt.

The system in question that he discussed in this case was open to all
users to su. Until, that is, a small group took away that power from
most of the users.

Once again, knghtbrd distorts the facts to support his own fabricated
paranoia and spread further FUD.

-- 
Debian     - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo       - http://www.deqo.com/
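
Added example, not part of the original message: a small Python check for the two mechanisms named in the reply above, an active pam_wheel rule for su and SU_WHEEL_ONLY in /etc/login.defs. The sample file contents, the /etc/pam.d/su location and the function names are assumptions made for illustration.

```python
import re

# Constructed sample files (not taken from any real system).
SAMPLE_PAM_SU = """\
# /etc/pam.d/su (constructed sample)
auth       sufficient pam_rootok.so
# auth     required   pam_wheel.so
auth       required   pam_wheel.so use_uid group=wheel
auth       required   pam_unix.so
"""
SAMPLE_LOGIN_DEFS = """\
# /etc/login.defs (constructed sample)
SU_WHEEL_ONLY   yes
"""

# type, control (keyword or [bracketed] form), module, remaining arguments
PAM_LINE = re.compile(r"^\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def pam_wheel_rules(pam_text):
    """Return active pam_wheel auth rules as (control, options) tuples."""
    rules = []
    for line in pam_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = PAM_LINE.match(line)
        if not m:
            continue
        ptype, control, module, args = m.groups()
        if ptype.lstrip("-") == "auth" and module.endswith("pam_wheel.so"):
            rules.append((control, args.split()))
    return rules

def su_restricted_by_pam(pam_text):
    """True if a rule makes wheel membership mandatory for su."""
    for control, opts in pam_wheel_rules(pam_text):
        # 'deny' inverts the test (members are refused), and a
        # 'sufficient ... trust' rule only lets members skip the password,
        # so neither is treated as a wheel-only restriction.
        if control in ("required", "requisite") and "deny" not in opts:
            return True
    return False

def su_wheel_only(login_defs_text):
    """True if shadow's SU_WHEEL_ONLY is set to yes."""
    for line in login_defs_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "SU_WHEEL_ONLY":
            return fields[1].lower() == "yes"
    return False
```
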


