Ben Barrett wrote,
>IIRC, wheel was intended to match the GID on su, so that non-group
>members cannot even become root, a hardening tactic that goes along
>with disallowing any direct root logins.
>
>Why not make wheel?  You'll feel so evolved; groupadd wheel and grunt
>with glee ;)
>(then again, what good is wheel if you don't use it?)

Problem:  Not all systems treat the wheel group as special.  I believe GNU
su allows anybody to try to become root regardless of membership in wheel.

If your system has a /etc/login.defs file, it might contain an option
SU_WHEEL_ONLY that controls whether or not "su root" is restricted to
members of wheel.

Also beware:  The privileged group, if your system supports it, might not
be called "wheel".  The name actually doesn't matter--what matters is
whether the group ID number is 0.  You might find that your group 0 is
called "root", or maybe some other name entirely.  ("grep :0: /etc/group"
will tell you the magic name.)

I recommend NOT doing "groupadd wheel".  If you don't already have a group
called "wheel", that will give you one, but its group ID won't be 0, and it
will (confusingly) have no special privileges.

If your system already has a group with ID 0, you don't need a new one.
If you don't already have such a group, it was probably left out for a
reason, and again you probably don't need to add one.



Getting back to the original subject, "man sudo" says that "sudo -l" will
tell you what commands /etc/sudoers allows or forbids you to use.  This
will probably be quite useful for debugging your edits of /etc/sudoers.

              - Neil Parker
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
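
The checks described in the message above, as an added example that is not part of the original post: it finds the group whose GID is exactly 0, flags a "wheel" group with a non-zero GID, and reads SU_WHEEL_ONLY from a login.defs-style file. The function names are hypothetical and the sample files are constructed; on a real system pass /etc/group and /etc/login.defs instead.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the name of every group whose numeric GID (field 3) is exactly 0.
# Stricter than "grep :0:", which matches the string anywhere on the line.
gid0_group() {
    awk -F: '$3 == "0" { print $1 }' "$1"
}

# Print the GID of the named group, or nothing if the group does not exist.
group_gid() {
    awk -F: -v g="$2" '$1 == g { print $3 }' "$1"
}

# Print the SU_WHEEL_ONLY value from a login.defs-style file, or "unset"
# when the option is absent or only appears in a commented-out line.
su_wheel_only() {
    v=$(awk '$1 == "SU_WHEEL_ONLY" { val = $2 } END { print val }' "$1")
    echo "${v:-unset}"
}

# Summarise the findings for one group file and one login.defs file.
audit() {
    group_file=$1
    defs_file=$2
    priv=$(gid0_group "$group_file")
    wheel=$(group_gid "$group_file" wheel)
    echo "gid0_group=${priv:-none}"
    # A group that is merely *named* wheel carries no special meaning.
    if [ -n "$wheel" ] && [ "$wheel" != 0 ]; then
        echo "warning=wheel has GID $wheel, not 0"
    fi
    echo "su_wheel_only=$(su_wheel_only "$defs_file")"
}

# Constructed sample files (not taken from any real system).
tmp=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'wheel:x:1001:alice' 'users:x:100:' > "$tmp/group"
printf '%s\n' '# SU_WHEEL_ONLY no' 'SU_WHEEL_ONLY yes' > "$tmp/login.defs"
audit "$tmp/group" "$tmp/login.defs"
```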
