>in comp.security.misc i read:
>>My guess is that it was done this way so that dialup users wouldn't have to
>>hang up and dial in again to get a new login prompt. They could just type
>>"login <username>". The Trusted Path concept wasn't important to the
>>original Unix designers, either.
>>Don't ask me why they would need to use "login <username>" instead of "su -
>><username>". Maybe it predated the "su" command?
> exec login username
>to save memory, instead of pushing down a level. important on some of the
I think that many shells have "login" as a built-in that performs "exec
login". If you really want to push a level you had to type \login or
/bin/login. The tcsh(1) man page says:
    login   Terminates a login shell, replacing it with an
            instance of /bin/login. This is one way to log off,
            included for compatibility with sh(1).
The builtin checks whether it's being run from a login shell, and reports
an error if not. If you execute /bin/login directly, on Solaris 2.6 it
checks whether there's a utmpx entry for the current tty; if there isn't,
it assumes you're not in a login shell.
I don't think early versions had all these checks; they became more
necessary with the advent of window systems.
>also if you are `transferring' control to another person, a push via su
>means that they can exit and resume control as the previous user, but an
>exec of login means that control is irrevocably transferred.
So does "exec su username".
The main difference between su and login is that login updates databases
like utmp, so "who" shows the new user rather than the original login user.
If you push a login and then return from it, you'll end up as a phantom
user, because utmp will claim that no one is logged into that tty.
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
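
Added example, not part of the original post: a small C model of the utmp bookkeeping described above, showing why returning from a pushed login leaves a "phantom" user while returning from su does not. The in-memory slot table, the users alice and bob, the tty pts/3 and the helper names are constructed for illustration; only struct utmpx and its type constants come from <utmpx.h>, and marking the entry DEAD_PROCESS at session exit is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>
#define NSLOT 4   /* size of the constructed in-memory table */

/* Write the one utmpx slot belonging to a tty line (first empty slot if the line is new). */
static void set_slot(struct utmpx *tab, const char *line, short type, const char *user)
{
    size_t i;
    for (i = 0; i < NSLOT; i++)
        if (tab[i].ut_type == EMPTY || strncmp(tab[i].ut_line, line, sizeof tab[i].ut_line) == 0) break;
    if (i == NSLOT) return;                       /* table full */
    memset(&tab[i], 0, sizeof tab[i]);
    tab[i].ut_type = type;
    strncpy(tab[i].ut_line, line, sizeof tab[i].ut_line - 1);
    strncpy(tab[i].ut_user, user, sizeof tab[i].ut_user - 1);
}

/* The lookup "who" relies on: user of the live USER_PROCESS entry for tty, or "" if none. */
static const char *who_on(const struct utmpx *tab, const char *tty)
{
    static char name[sizeof ((struct utmpx *)0)->ut_user + 1];
    const char *line = strncmp(tty, "/dev/", 5) == 0 ? tty + 5 : tty;
    name[0] = '\0';
    for (size_t i = 0; i < NSLOT; i++)
        if (tab[i].ut_type == USER_PROCESS &&
            strncmp(tab[i].ut_line, line, sizeof tab[i].ut_line) == 0)
            snprintf(name, sizeof name, "%.*s", (int)sizeof tab[i].ut_user, tab[i].ut_user);
    return name;
}

/* alice is logged in on pts/3; a nested session for bob starts and then exits. */
const char *after_nested_session(int via_login)
{
    struct utmpx tab[NSLOT] = {0};
    for (size_t i = 0; i < NSLOT; i++) tab[i].ut_type = EMPTY;
    set_slot(tab, "pts/3", USER_PROCESS, "alice");
    if (via_login) {                                  /* su never touches the table */
        set_slot(tab, "pts/3", USER_PROCESS, "bob");  /* login rewrites the tty's entry */
        set_slot(tab, "pts/3", DEAD_PROCESS, "");     /* bob exits; entry marked dead */
    }
    return who_on(tab, "/dev/pts/3");                 /* alice's shell has resumed */
}

int main(void)
{
    printf("after pushed su:    \"%s\"\n", after_nested_session(0));
    printf("after pushed login: \"%s\"\n", after_nested_session(1));
}
```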