On Sun, Apr 10, 2011 at 10:08 AM, Alan McKinnon <alan.mckin...@gmail.com>wrote:
> Apparently, though unproven, at 16:28 on Sunday 10 April 2011, Dale did > opine > thusly: > > > > That was it! I've now got su-ability from that normal user. > > > > > > Funny, though, on my (very) old Debian system I don't seem to have a > > > wheel. > > > > > > Thanks. > > > > > >> Best regards, > > >> Yann > > > > I think that is a Gentoo thing. It does add some security if you don't > > want a user, like maybe some little kid, getting root access for any > > reason. > > No, it's pretty standard across Unix. > > The BSD's for example have had it since forever - members of the wheel > group > being allowed to sudo anything only came along much later. > > Leaving it *out* is a Linux-distro thing, probably from the usual usage > case > for Linux for many years - a server on the web that actually only had one > user > even though it was capable of being fully multi-user. The concept of wheel > for > su is pretty redundant in that case. > > > -- > alan dot mckinnon at gmail dot com > > Wheel has nothing to do with su; it has everything to do with sudo, but only if /etc/sudoers is edited to allow the Wheel group sudo access. Su is for changing to a different user, or running a command as another user; doing either requires the password of that user; sudo, on the other hand, only requires your password, if you're in the wheel group and the wheel group is given full sudo access, and the sudo access for wheel requires your password. Some examples, assuming your user (the one you're logged in as) is in wheel and requires a password for sudo access (see: visudo): sudo su <--- escalates you to root user with your own password. This is running "su" with "sudo". su user <--- switches to "user" with their password required to be entered sudo su user < -- switch to "user" with your password required to be entered sudo <command> <-- runs command as root sudo -u user <command> <--- runs command as "user" sudo su - user <--- escalates you to "user" and cd's to their home directory Please read the man pages for sudo and su for more info.
