[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU su and the wheel group

From: Tristan Miller
Subject: GNU su and the wheel group
Date: Mon, 27 Sep 2004 18:41:37 +0200
User-agent: KNode/0.8.0


Apparently there are some versions of su which will refuse to run unless
the user is a member of the `wheel' group.  GNU su refuses to implement
this check, because, as per a note from Richard Stallman in the info page, 

> Under the usual `su' mechanism, once someone learns the root password who
> sympathizes with the ordinary users, he or she can tell the rest.  The
> "wheel group" feature would make this impossible, and thus cement the
> power of the rulers.

I don't really understand this argument, for the following reasons:

1) If someone has the root password, can't they just log in as root from a
regular terminal or via ssh?  Or is it typical for Un*x systems to be
configured such that the root account can be accessed only via su?

2) Even if su is the only way of logging in as root, why couldn't a
"sympathizer" simply add all users to the wheel group in addition to
telling others the root password?

Can someone explain to me how having a wheel group is supposedly more


  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\   ><  To finish what you

reply via email to

[Prev in Thread] Current Thread [Next in Thread]