[Gllug] What is the 'wheel' group for?

Doug Winter doug at pigeonhold.com
Fri Apr 2 10:52:01 UTC 2004


On Fri 02 Apr Bruce Richardson wrote:
> As others have said, on some *nix systems only members of the wheel
> group can su to root.  You can add this restriction to most Linux
> systems quite simply, using PAM, by changing the PAM settings for su to
> include the pam_wheel module.

c.f. the su info file:

Why GNU `su' does not support the `wheel' group
 ===============================================
 
    (This section is by Richard Stallman.)
 
    Sometimes a few of the users try to hold total power over all the
 rest.  For example, in 1984, a few users at the MIT AI lab decided to
 seize power by changing the operator password on the Twenex system and
 keeping it secret from everyone else.  (I was able to thwart this coup
 and give power back to the users by patching the kernel, but I wouldn't
 know how to do that in Unix.)
 
    However, occasionally the rulers do tell someone.  Under the usual
 `su' mechanism, once someone learns the root password who sympathizes
 with the ordinary users, he or she can tell the rest.  The "wheel
 group" feature would make this impossible, and thus cement the power of
 the rulers.
 
    I'm on the side of the masses, not that of the rulers.  If you are
 used to supporting the bosses and sysadmins in whatever they do, you
 might find this idea strange at first.



-- 
   http://adju.st   | Here's something to think about: 
6973E2CF: 2C95 66AD | How come you never see a headline like 
1596 37D2 41FC 609F | 'Psychic Wins Lottery'?
76C0 A4EC 6973 E2CF |    -- Jay Leno
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list