27 December 2014

The pre-history of sudo...

I was reminded by this article on Evi Nemeth of the days before sudo. It seems like every group of UNIX users had an "su alternative" that avoided having to share the root password.

The su alternative at Berkeley was called "setsh". It wasn't just used for root, users could let other users into their account using setsh - this was a necessary evil back then because users could only be in one group at a time. It was generally distributed as source, users would edit the names of other users they wanted to let into their account into a table in the code, and compile it and leave a copy in ~/bin. So to run a command as someone you were working with you'd run "~them/bin/setsh" and if you were in the list, you'd get a shell su-ed to them.

Surprisingly, in hindsight, I don't recall ever hearing of anyone putting a boobytrap into ~/bin/setsh.