On Fri, Dec 13, 2002 at 05:25:52AM +0800, John Summerfield wrote:

> On Thu, 12 Dec 2002, Matt Zimmerman wrote:
> > Please report a bug against that package, or tell me where you saw this and
> > I will report the bug.
>
> The script is su-to-root, the package menu.

Bug

> I'd certainly not bet that the same thing doesn't occur in Red Hat Linux,
> and the fact someone ran RHL without an account called root doesn't mean a
> lot. I'm sure I could run this system for a long time without running into
> the problem.

Probably so. This is generally valid, but definitely nonstandard. In the case of su-to-root, the script will do the wrong thing for users with uid 0 which are not named 'root', which is wrong anyway.

> I don't think using UID=0 as a test for whether a user has the capacity to
> perform some action is all that wonderful either, though I don't know a
> better way. In some cases, one can test by trying to do it - to see if I
> can write in a particular directory, try to create a file there. Lots of
> people here have /usr mounted ro. Some may have played with LIDS. I had a
> play with Engarde Linux a while ago, and root is severely curtailed.

In the case of su-to-root, checking for uid 0 is the best solution available due to the nature of the interface provided. It provides a means for arbitrary commands which require root privileges to be (for example) launched from a menu interface, by providing the user the opportunity to su. If they are already root, this is obviously unnecessary.

On a filesystem, the access() system call is the right thing to do.

--
 - mdz
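
The two checks discussed in this thread, as an added example (not part of the original message and not the su-to-root source): a name-based test misjudges a uid 0 account that is not called 'root', a uid-based test does not, and a directory is tested by trying to create a file in it. The passwd data, account names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; hypothetical helper names, not taken from su-to-root.

# Constructed passwd data: the uid 0 account is named "admin", not "root".
SAMPLE_PASSWD='admin:x:0:0:Administrator:/root:/bin/sh
jsmith:x:1000:1000:J Smith:/home/jsmith:/bin/sh'

# Look up the numeric uid for a login name in the passwd-format text above.
uid_of() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: -v n="$1" '$1 == n { print $3; exit }'
}

# Name-based check: only the literal name "root" counts as privileged.
# Returns 0 (true) when it concludes that su is still needed.
needs_su_by_name() {
    [ "$1" != "root" ]
}

# uid-based check: any account whose uid is 0 is already privileged.
# An unknown name yields an empty uid and is treated as unprivileged.
needs_su_by_uid() {
    [ "$(uid_of "$1")" != "0" ]
}

# "Test by trying": probe a directory by creating and removing a file in it.
# This also reports failure for a read-only mount or a missing directory.
can_write_dir() {
    probe=$(mktemp "$1/.probe.XXXXXX" 2>/dev/null) || return 1
    rm -f "$probe"
}

# For the running process, the uid-based test is: [ "$(id -u)" -eq 0 ]
for user in admin jsmith; do
    if needs_su_by_name "$user"; then by_name="su"; else by_name="run directly"; fi
    if needs_su_by_uid "$user"; then by_uid="su"; else by_uid="run directly"; fi
    echo "$user: name check -> $by_name, uid check -> $by_uid"
done
```

For "admin" the name check asks for su although the account already has uid 0; the uid check runs the command directly.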
