Re: GNU su and the wheel group

From: Alan Schwartz
Subject: Re: GNU su and the wheel group
Date: Mon, 27 Sep 2004 19:44:24 +0000 (UTC)

Tristan Miller writes:
>Apparently there are some versions of su which will refuse to run unless
>the user is a member of the `wheel' group.  GNU su refuses to implement
>this check, because, as per a note from Richard Stallman in the info page, 
>> Under the usual `su' mechanism, once someone learns the root password who
>> sympathizes with the ordinary users, he or she can tell the rest.  The
>> "wheel group" feature would make this impossible, and thus cement the
>> power of the rulers.
>I don't really understand this argument, for the following reasons:
>1) If someone has the root password, can't they just log in as root from a
>regular terminal or via ssh?  Or is it typical for Un*x systems to be
>configured such that the root account can be accessed only via su?

Often root logins are restricted so su is required, yes.

>2) Even if su is the only way of logging in as root, why couldn't a
>"sympathizer" simply add all users to the wheel group in addition to
>telling others the root password?

That's a good point, although obviously much more noticeable.

                       Alan Schwartz
Author/Co-author of: "Managing Mailing Lists", "SpamAssassin", 
"Stopping Spam", and  "Practical Unix & Internet Security, 3rd Ed"
           Published by O'Reilly Media, Inc. (
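
The reply to point 2 says that adding users to wheel is much more noticeable than sharing a password. The added example below is not part of the original message; it shows why, by comparing current wheel membership with a recorded baseline and including accounts whose primary GID is wheel, which never appear in the group file's member list. The function names, file layout and sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift in wheel membership against a recorded baseline.
LC_ALL=C; export LC_ALL   # keep sort and comm in the same collation order

# wheel_members GROUP_FILE PASSWD_FILE -> sorted account names, one per line.
wheel_members() {
    awk -F: '
        FNR == NR {                      # first file: group database
            if ($1 == "wheel") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: primary GID is wheel
    ' "$1" "$2" | sort -u
}

# wheel_drift BASELINE GROUP_FILE PASSWD_FILE -> "+name" added, "-name" removed.
wheel_drift() {
    cur=$(mktemp); base=$(mktemp)
    wheel_members "$2" "$3" > "$cur"
    sort -u "$1" > "$base"
    comm -13 "$base" "$cur" | sed 's/^/+/'
    comm -23 "$base" "$cur" | sed 's/^/-/'
    rm -f "$cur" "$base"
}

# Constructed sample data (not from any real system).
demo() {
    d=$(mktemp -d)
    printf '%s\n' alice > "$d/baseline"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob,carol' 'users:x:100:' > "$d/group"
    printf '%s\n' \
        'alice:x:1000:100::/home/alice:/bin/sh' \
        'bob:x:1001:100::/home/bob:/bin/sh' \
        'carol:x:1002:100::/home/carol:/bin/sh' \
        'dave:x:1003:10::/home/dave:/bin/sh' > "$d/passwd"
    wheel_drift "$d/baseline" "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo
```

On a live system the two inputs would be /etc/group and /etc/passwd, with the baseline kept somewhere the accounts being audited cannot write.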

