*** su.c.orig Fri Jun 20 11:15:21 1997 --- su.c Fri Jun 20 11:33:27 1997 *************** *** 36,42 **** This program intentionally does not support a "wheel group" that restricts who can su to UID 0 accounts. RMS considers that to ! be fascist. Options: -, -l, --login Make the subshell a login shell. --- 36,42 ---- This program intentionally does not support a "wheel group" that restricts who can su to UID 0 accounts. RMS considers that to ! be fascist. (this is fixed now...) Options: -, -l, --login Make the subshell a login shell. *************** *** 77,82 **** --- 77,84 ---- #include #include "system.h" + #define WHEEL_GROUP "wheel" + #if defined(HAVE_SYSLOG_H) && defined(HAVE_SYSLOG) #include #else /* !HAVE_SYSLOG_H */ *************** *** 458,463 **** --- 460,469 ---- struct passwd *pw; struct passwd pw_copy; + int loop; + char *current_user; + struct group *wheel_group; + program_name = argv[0]; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); *************** *** 533,538 **** --- 539,578 ---- pw->pw_name = xstrdup (pw->pw_name); pw->pw_dir = xstrdup (pw->pw_dir); pw->pw_shell = xstrdup (pw->pw_shell); + + #ifdef WHEEL_GROUP + + /* I happen to disagree with Stallman in many locations, this being + one of them... (only users in the wheel group should be allowed to + su to root.) -- Theo Van Dinter (felicity@kluge.net) - 1997/06/20 */ + + /* Section "borrowed" from log_su() */ + current_user = getlogin (); + if ( current_user==NULL ) + current_user=""; + + /* trying to goto root, the wheel group exists, and the group + doesn't contain a null user list */ + if (pw->pw_uid == 0 && (wheel_group=getgrnam(WHEEL_GROUP)) != NULL + && wheel_group->gr_mem[0]!=NULL) { + + for(loop=0;wheel_group->gr_mem[loop]!=NULL && + strcmp(wheel_group->gr_mem[loop],current_user); loop++); + + /* trying to go root, and not in the wheel group... 
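Review bot: The header comment in the first hunk (lines 36-42) now contradicts itself, because it still says the program intentionally does not support a wheel group and then appends `(this is fixed now...)` without stating the rule that is enforced. I would replace the paragraph with the actual policy, for example `When WHEEL_GROUP is defined, only members of that group may su to a UID 0 account; if the group is missing or has no members, the check is skipped.` The skipped-check case is the part an administrator most needs to see, and it is currently documented only deep inside main().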
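Review bot: `WHEEL_GROUP` is defined unconditionally in the second hunk (lines 77-84), so the `#ifdef WHEEL_GROUP` guard around the check in main() can never be false and the group name cannot be chosen at build time. Wrapping it as `#ifndef WHEEL_GROUP` / `#define WHEEL_GROUP "wheel"` / `#endif` would let a builder override the name on systems where the administrative group is called something else. This matters because the later hunk treats a missing group as "everyone may su to root", so a name that does not exist on the host silently disables the restriction.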
*/ + if ( wheel_group->gr_mem[loop]==NULL ) { + + #ifdef SYSLOG_FAILURE + log_su (pw, 0); + #endif + + error (1,0,_("can't su to root, not in group wheel")); + } + } + /* If the wheel group doesn't exist, or there are no users listed in + the wheel group, all users are allowed su access to root. */ + + #endif if (!correct_password (pw)) {
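Review bot: The wheel check takes the caller's identity from `getlogin ()`, which reports the login name recorded for the session or terminal rather than the real UID of the process, so the decision follows whoever logged in and not who is running su now; a caller with no login record is compared as `""`. The identity should come from `getpwuid (getuid ())`, which looks safe at this point because the `pw` strings were copied with `xstrdup` just above. The loop also consults only `gr_mem`, so an account whose primary group is wheel (matched through `pw_gid` and often not listed in `gr_mem`) is refused; comparing `pw_gid` with `wheel_group->gr_gid` covers that. The sketch below needs a `struct passwd *caller;` next to the declarations added in the earlier hunk, and main()'s body starts and ends outside this hunk.

```c
/* … unchanged: #ifdef WHEEL_GROUP and the author's comment … */
  /* Authorise on the real UID, not on the login record.  */
  caller = getpwuid (getuid ());
  current_user = caller != NULL ? caller->pw_name : "";

  if (pw->pw_uid == 0
      && (wheel_group = getgrnam (WHEEL_GROUP)) != NULL
      && wheel_group->gr_mem[0] != NULL)
    {
      /* Primary-group members are usually absent from gr_mem.  */
      int in_wheel = (caller != NULL
                      && caller->pw_gid == wheel_group->gr_gid);

      for (loop = 0; !in_wheel && wheel_group->gr_mem[loop] != NULL; loop++)
        in_wheel = strcmp (wheel_group->gr_mem[loop], current_user) == 0;

      if (!in_wheel)
        {
/* … unchanged: SYSLOG_FAILURE logging and the error () call … */
```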