author | steve <steve@FreeBSD.org> | 1998-05-25 03:34:52 +0000 |
---|---|---|
committer | steve <steve@FreeBSD.org> | 1998-05-25 03:34:52 +0000 |
commit | 3b0c6ff2d7cb4a890794a6e4a6f7a3656b4d9235 (patch) | |
tree | 3168f398093ead9ea6df114e6f01a432e5d1db70 /usr.bin | |
parent | d0fc5c4c1bd3b08907cdc02d739d460ec2e5c415 (diff) | |
Allow a user in group 0 to su(1) to root if their primary
group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group. This is more in line with
what the group manpage says.
PR: 6696
Submitted by: Max Euston <meuston@jmrodgers.com>
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/su/su.1 | 11 | ||||
-rw-r--r-- | usr.bin/su/su.c | 19 |
2 files changed, 21 insertions, 9 deletions
diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1 index a2452b9..5a46469 100644 --- a/usr.bin/su/su.1 +++ b/usr.bin/su/su.1 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)su.1 8.2 (Berkeley) 4/18/94 -.\" $Id: su.1,v 1.3.2.5 1997/10/12 08:12:40 jmg Exp $ +.\" $Id: su.1,v 1.12 1997/10/27 22:05:05 guido Exp $ .\" .\" this is for hilit19's braindeadness: " .Dd April 18, 1994 @@ -152,13 +152,16 @@ option as understood by most shells. Note that usually expects a single argument only; you have to quote it when passing multiple words. .Pp -Only users listed in group 0 (normally +Only users who are a member of group 0 (normally .Dq wheel ) can .Nm to -.Dq root , -unless this group is empty. +.Dq root . +\ If group 0 is missing or empty, any user can +.Nm +to +.Dq root . .Pp By default (unless the prompt is reset by a startup file) the super-user prompt is set to diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 2787d1a..c5ab34e 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94"; #endif static const char rcsid[] = - "$Id: su.c,v 1.24 1997/10/27 22:05:12 guido Exp $"; + "$Id: su.c,v 1.25 1997/10/28 21:20:21 guido Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -113,6 +113,7 @@ main(argc, argv) char *p, **g, *user, *shell=NULL, *username, **cleanenv, **nargv, **np; struct group *gr; uid_t ruid; + gid_t gid; int asme, ch, asthem, fastlogin, prio, i; enum { UNSET, YES, NO } iscsh = UNSET; #ifdef LOGIN_CAP @@ -198,6 +199,7 @@ main(argc, argv) if (pwd == NULL) errx(1, "who are you?"); username = strdup(pwd->pw_name); + gid = pwd->pw_gid; if (username == NULL) err(1, NULL); if (asme) { 
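Review bot: In the `@@ -198,6 +199,7 @@` hunk of su.c, `gid = pwd->pw_gid;` is inserted between `username = strdup(pwd->pw_name);` and its `if (username == NULL)` check, which separates the allocation from its failure test in a setuid program. Moving the assignment below `err(1, NULL);` keeps the check next to the call it guards. The variable declared in the `@@ -113,6 +113,7 @@` hunk would also benefit from a comment such as `/* primary group of the invoking user, saved before pwd is reused */`; that `pwd` is later reused for the target account is inferred from the `pwd->pw_uid == 0` test in the last hunk and is not visible here. main() starts and ends outside both hunks.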
@@ -249,14 +251,21 @@ main(argc, argv) } #endif { - /* only allow those in group zero to su to root. */ + /* + * Only allow those with pw_gid==0 or those listed in + * group zero to su to root. If group zero entry is + * missing or empty, then allow anyone to su to root. + * iswheelsu will only be set if the user is EXPLICITLY + * listed in group zero. + */ if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) && gr->gr_mem && *(gr->gr_mem)) for (g = gr->gr_mem;; ++g) { if (!*g) - errx(1, - "you are not in the correct group to su %s.", - user); + if (gid == 0) + break; + else + errx(1, "you are not in the correct group to su %s.", user); if (strcmp(username, *g) == 0) { #ifdef WHEELSU iswheelsu = 1; |
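Review bot: The new `if (!*g)` body in the group-zero loop is an unbraced `if`/`else` nested inside an unbraced `if`, so the `else` binds to `if (gid == 0)` only by the dangling-else rule; in the check that decides who may become root this should be explicit, e.g. `if (!*g) { if (gid == 0) break; errx(1, "you are not in the correct group to su %s.", user); }`. Separately, the rewritten comment documents that a missing or empty group zero lets anyone through, and because the condition treats a NULL return from `getgrgid((gid_t)0)` the same way, a failed group lookup would presumably also drop the restriction; the comment should say whether that fail-open is intended. main() and the loop body continue outside the hunk.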