Misleading message in 'su' info document

Thornton Prime thornton at yoyoweb.com
Wed Aug 20 00:39:02 UTC 2003


On Tue, 2003-08-19 at 11:51, blocke at shivan.org wrote:
> > I am against any change. The default behavior is documented correctly.
> 
> This is not documenting a default behaviour.  This is documenting that the
>  functionality is not provided at all when it is and gives an ancient rant
> as an excuse why.  In my opinion if people want to preserve the rant for

I think it would be a mistake to document PAM functionality in the su
info pages.

You may be right about the historical rant. Even though I disagree with
RMS, I think it is a nice bit of history, and I like your idea of
preserving it elsewhere.

> Thus breaking user to user su for non-wheel users.  It is not the same.

I don't know how to do this with PAM. Can you explain how this is done?
On my systems, when I add

  auth required /path/pam_wheel.so use_uid

it limits user to user su also. Is there an option I'm missing?

> But in Red Hat it does, via pam, and should be documented as such.

And it could be done just as easily with other methods, like RBAC and
stuff. My concern is that pam_wheel is a generic PAM module which can
provide the functionality that RMS rants against, but it is not limited
to su, is not part of the su code, and it is not the default
configuration of su.

I guess I don't have a problem mentioning in the su info that there are ways
of getting wheel limits (and pointing to PAM as one), but the su doc is
not the place to document pam_wheel.

thornton
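
Added example, not part of the original message: a small Python check that reads a PAM service file such as the one for su and reports how each active pam_wheel auth rule is scoped. The sample file contents and the function names are constructed for illustration; root_only is an option documented for Linux-PAM's pam_wheel and is not mentioned in the thread.

```python
# Constructed sample of an su PAM service file (not taken from the thread).
SAMPLE_SU_PAM = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
# auth     required     pam_wheel.so use_uid group=admin
auth       required     /path/pam_wheel.so use_uid
auth       include      system-auth
"""


def parse_rules(text):
    """Return (type, control, module, args) for each active rule."""
    rules = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        mtype, rest = parts[0].lstrip("-"), parts[1].strip()
        if rest.startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            control, _, rest = rest.partition("]")
            control += "]"
        else:
            control, rest = (rest.split(None, 1) + [""])[:2]
        fields = rest.split()
        if fields:
            rules.append((mtype, control, fields[0], fields[1:]))
    return rules


def wheel_policy(text):
    """Describe every active pam_wheel rule in the auth stack."""
    findings = []
    for mtype, control, module, args in parse_rules(text):
        if mtype != "auth" or module.rsplit("/", 1)[-1] != "pam_wheel.so":
            continue
        group = next((a[6:] for a in args if a.startswith("group=")), "wheel")
        findings.append({
            "control": control,
            "group": group,
            # Without root_only the membership check applies to any target user.
            "scope": "root target only" if "root_only" in args else "every target user",
            # use_uid checks the caller's real uid rather than the login name.
            "caller": "real uid" if "use_uid" in args else "login name",
            "enforced": control in ("required", "requisite"),
        })
    return findings

print(wheel_policy(SAMPLE_SU_PAM))
```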
