From issei@mikage.t-cnet.or.jp  Sat Jun 13 16:52:01 1998
Received: from ns.mikage.t-cnet.or.jp (ns.mikage.t-cnet.or.jp [210.169.187.130])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA24830
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 13 Jun 1998 16:51:59 -0700 (PDT)
          (envelope-from issei@mikage.t-cnet.or.jp)
Received: (from uucp@localhost)
	by ns.mikage.t-cnet.or.jp (8.8.8/3.6W) id IAA04790
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 14 Jun 1998 08:53:13 +0900 (JST)
Received: from ordin.mikage.t-cnet.or.jp(210.169.187.132)
 via SMTP by ns.mikage.t-cnet.or.jp, id smtpdlw4787; Sun Jun 14 08:53:10 1998
Received: (from issei@localhost)
	by ordin.mikage.t-cnet.or.jp (8.8.8/3.6W) id IAA20433;
	Sun, 14 Jun 1998 08:51:54 +0900 (JST)
Message-Id: <199806132351.IAA20433@ordin.mikage.t-cnet.or.jp>
Date: Sun, 14 Jun 1998 08:51:54 +0900 (JST)
From: issei@mikage.t-cnet.or.jp
Reply-To: issei@mikage.t-cnet.or.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: su doesn't see user's login group.
X-Send-Pr-Version: 3.2

>Number:         6941
>Category:       bin
>Synopsis:       User cannot su to root even if his login group is wheel.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 13 17:00:00 PDT 1998
>Closed-Date:    Sun Jun 14 07:08:34 PDT 1998
>Last-Modified:  Tue Nov 27 19:25:39 PST 2001
>Originator:     Issei Suzuki
>Release:        FreeBSD 2.2.6-STABLE i386
>Organization:
A Site under T-CNET
>Environment:

	

>Description:

For security reasons, a user must belong to the wheel group when he wants to su
to root. But even if his login group is wheel (I mean getgid() == 0), he cannot
su to root without his name in the wheel group entry in /etc/group.

If you want to keep the current specification for some reason, you should
explicitly refer to it in su(1).

>How-To-Repeat:

Add a user whose login group is wheel and who has no entry in the wheel group
in /etc/group. Log in as him and execute the su command.

% su
su: you are not in the correct group to su root.

>Fix:
	
Apply the following patch:

--- su.orig/su.c	Sun Jun 14 08:20:49 1998
+++ su/su.c	Sun Jun 14 08:19:54 1998
@@ -255,7 +255,7 @@
 #endif
 		{
 			/* only allow those in group zero to su to root. */
-			if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) &&
+			if ((pwd->pw_uid == 0 && getgid()) && (gr = getgrgid((gid_t)0)) &&
 			    gr->gr_mem && *(gr->gr_mem))
 				for (g = gr->gr_mem;; ++g) {
 					if (!*g)
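Review bot: On the changed `if` line, `getgid()` is used as a bare truth value and grouped with the uid test, which hides the intent; write it as `getgid() != (gid_t)0` and extend the comment above it to say that a real GID of 0 skips the member-list check. getgid() returns the real group ID of the running process, which is not necessarily the login group recorded in the invoking user's passwd entry, so consider comparing that entry's gid instead. The patch also leaves su(1) untouched although the report asks for the rule to be documented there; add a sentence to the manual page in the same change.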
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: wosch 
State-Changed-When: Sun Jun 14 07:08:34 PDT 1998 
State-Changed-Why:  
Already fixed in 
3.0-current: src/usr.bin/su/su.c rev 1.26  
2.2-stable: src/usr.bin/su/su.c rev 1.14.2.8 
>Unformatted:
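The two ways of being "in wheel" that this report distinguishes, as an added example (not code from su.c or from the FreeBSD fix). `may_su_root` and its `honor_login_gid` switch are hypothetical names, and the login group is taken from the passwd entry rather than from getgid() as in the submitted patch.

```c
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: decide whether `user` passes the group-zero check.
 *   wheel_members   - member list of group 0 (gr_mem), or NULL if no entry
 *   login_gid       - gid field of the user's passwd entry
 *   honor_login_gid - false: member list only (behaviour reported in the PR)
 *                     true:  a login gid of 0 also counts (behaviour requested)
 */
bool may_su_root(const char *user, gid_t login_gid,
                 char *const *wheel_members, bool honor_login_gid)
{
    /* No group 0 entry or an empty member list: the check is not applied,
     * mirroring the `gr->gr_mem && *(gr->gr_mem)` guard in the hunk. */
    if (wheel_members == NULL || *wheel_members == NULL)
        return true;
    if (honor_login_gid && login_gid == 0)
        return true;
    for (char *const *g = wheel_members; *g != NULL; ++g)
        if (strcmp(user, *g) == 0)
            return true;
    return false;
}

int main(void)
{
    /* Evaluate the invoking user against the local passwd and group data. */
    struct passwd *pw = getpwuid(getuid());
    struct group *gr = getgrgid((gid_t)0);

    if (pw == NULL) {
        fprintf(stderr, "no passwd entry for uid %ld\n", (long)getuid());
        return 1;
    }
    char *const *members = gr != NULL ? gr->gr_mem : NULL;
    printf("%s: member list only=%d, login group honored=%d\n", pw->pw_name,
           may_su_root(pw->pw_name, pw->pw_gid, members, false),
           may_su_root(pw->pw_name, pw->pw_gid, members, true));
    return 0;
}
```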
