[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GNU su and the wheel group
|
From: |
Tristan Miller |
|
Subject: |
GNU su and the wheel group |
|
Date: |
Mon, 27 Sep 2004 18:41:37 +0200 |
|
User-agent: |
KNode/0.8.0 |
Greetings.
Apparently there are some versions of su which will refuse to run unless
the user is a member of the `wheel' group. GNU su refuses to implement
this check, because, as per a note from Richard Stallman in the info page,
> Under the usual `su' mechanism, once someone learns the root password who
> sympathizes with the ordinary users, he or she can tell the rest. The
> "wheel group" feature would make this impossible, and thus cement the
> power of the rulers.
I don't really understand this argument, for the following reasons:
1) If someone has the root password, can't they just log in as root from a
regular terminal or via ssh? Or is it typical for Un*x systems to be
configured such that the root account can be accessed only via su?
2) Even if su is the only way of logging in as root, why couldn't a
"sympathizer" simply add all users to the wheel group in addition to
telling others the root password?
Can someone explain to me how having a wheel group is supposedly more
restrictive?
Regards,
Tristan
--
_
_V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
/ |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
(7_\\ http://www.nothingisreal.com/ >< To finish what you
- GNU su and the wheel group,
Tristan Miller <=