From: utzoo!decvax!cca!ps@Lbl-Unix@sri-unix Newsgroups: net.unix-wizards Title: login Article-I.D.: sri-unix.3317 Posted: Fri Sep 17 01:21:12 1982 Received: Fri Sep 17 06:30:47 1982 From: ps at Lbl-Unix (Peter Staubach [ou]) Date: 13 Sep 1982 20:23:01-PDT Instead of hacking on login, why not just either make login NOT setuid root or just not make it world-executable? Login does not have to be either, as login is run by getty which is run by init as root, hence, it has enough power and can be exec'd provided that any of the exec bits are on. This would seem to fix the problem with people using login to change what utmp thinks. Also, having people login over themselves messes up the connect time accounting, at least two people get charged for the same time . ps