sslug-teknik team mailing list archive

[blackie@xxxxxxx (Jesper K. Pedersen)]

"Mark Holm" <markh@xxxxxxxx> writes:

| Hejza SSLUG'er
| 
| Er der mons tro nogen, der kan fortælle mig om wheel-gruppen på en Linux
| maskine, og hvordan man bruger den. Dét, jeg gerne vil have er at det kun er
| "wheel"-gruppen, der kan su'e til uid 0 (denne gruppe kaldes vist for "root"
| under Linux), og i min /etc/login.defs er der en option, der hedder
| "SU_WHEEL_ONLY", som jeg har enablet. Det jeg så gør, er at jeg placerer de
| brugere, der skal kunne su'e til uid 0 i gruppen "root" i /etc/group, men
| alle brugere kan stadig su'e til uid 0...hvorfor? :o(

Fra info siden til su fandt jeg for nogen tid siden denne
beskrivelse. Dette passer ikke rigtigt helt overens med hvad du har
fundet, men det kan jo være at det er en "feature to come...."

Mvh Jesper.

Why GNU `su' does not support the `wheel' group
===============================================

   (This section is by Richard Stallman.)

   Sometimes a few of the users try to hold total power over all the
rest.  For example, in 1984, a few users at the MIT AI lab decided to
seize power by changing the operator password on the Twenex system and
keeping it secret from everyone else.  (I was able to thwart this coup
and give power back to the users by patching the kernel, but I wouldn't
know how to do that in Unix.)

   However, occasionally the rulers do tell someone.  Under the usual
`su' mechanism, once someone learns the root password who sympathizes
with the ordinary users, he or she can tell the rest.  The "wheel
group" feature would make this impossible, and thus cement the power of
the rulers.

   I'm on the side of the masses, not that of the rulers.  If you are
used to supporting the bosses and sysadmins in whatever they do, you
might find this idea strange at first.