Permissions needed to run 'su'

The MaD ScIeNTiSt navarra at casbah.acns.nwu.edu
Thu Mar 28 15:28:56 AEST 1991 


In article <1991Mar26.013137.22927 at casbah.acns.nwu.edu> navarra at casbah.acns.nwu.edu (The MaD ScIeNTiSt) writes:
>In article <4880 at lib.tmc.edu> dct at mdaali.cancer.utexas.edu (David C. Tuttle) writes:
>>
>>Today, I found that I could not "su" to root from my no-special-privileges 
>>account (i.e., an account not in the "wheel" group).  My administrator 
>>account (in the "wheel" group) was not affected.  Now, I wonder what I (or 
>>someone else?) have done to cause this.  And more generally, what does one 
>
>        Under versions of 4.2BSD or later, only users in the wheel group
> listed in /etc/groups are allowed to su to root. --
> 
> check  out su2 though -- that might work from you other account.

-But he's running SunOS!  Although SunOS4.0.3 is based on 4.3BSD, the
-functionality is not the same.  On our system, there are no non-root
-accounts in group wheel, yet for SunOS3.5, SunOS4.0.3, SunOS4.1 and
-SunOS4.1.1 I can su to root from my own account.





SU(1V)                   USER COMMANDS                     SU(1V)



NAME
     su - super-user, temporarily switch to a new user ID

SYNOPSIS
     su [ - ] [ -f ] [ username [ arg...  ] ]

SYSTEM V SYNOPSIS
     su [ - ] [ username [ arg...  ] ]


     If no username is specified, root is assumed.  If the  wheel
     group  (group  0)  does not contain a null user list and has
     members, only they can su to root, even with the root  pass-
     word.  To remind the super-user of his responsibilities, the
     shell substitutes `#' for '$' or '%'  in  its  usual  prompt


Sun Release 4.1  Last change: 21 September 1989                 2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I run SunOS 4.1 too.


-What results do you get when you su from your no-privilege account?

this is what I get!
$ su 
  You do not have permission to su root

my name is not listed in /etc/group  under wheel.


-On a SunOS4.1 or SunOS4.1.1 machine, su'ing to root gives me root's
-environment --- ie. home directory /, shell csh.
-
-So, when you su, try `id' to see if you really have failed to su.

-Mark

I don't understand how you get a root shell. ON my machine I do not have     
permission to do this -- so I can't type id to see if it worked!

But as I said before -- I believe you can list your name in
/usr/local/lib/super-users and issue the su2 command to su to 
root with your non-wheel account and get root privs. Unfortunately
my name is not in there -- check it out.
-- 
>From the Lab of the MAd ScIenTisT....

navarra at casbah.acns.nwu.edu

More information about the Comp.unix.admin mailing list