Re: two questions about su(1)

It appears that Paul Vixie <paul@redbarn.org> said:
>first, why is the -c check not applied until after a password is collected?

Beats me, it's a very old program

>second, what exactly do we think this -c restriction is buying us?

Keeping in mind that -c specfies a login class, not a command, different
login classes can have different resource limits, so I expect that they
didn't want to let random users turn into other random users with raised
reource limits.

Personally, I've never used any login class other than the default so there
is a lot of hand waving here.

R's,
John