On Thu, 26 Jul 2001, Sheldon Hearn wrote:

> On Wed, 25 Jul 2001 19:20:45 MST, Kris Kennaway wrote:
> > Isn't this backwards?  Code shouldn't be making assumptions about the
> > special meaning of numeric gids.  What if you wanted to renumber gid
> > wheel to something else?
> So?  My primary group is 0.  In /etc/group, group wheel's numeric value
> is 0.

The FreeBSD 4.3 manpage says:
     Only users who are a member of group 0 (normally ``wheel'') can su to
     ``root''.   If group 0 is missing or empty, any user can su to

The OpenBSD-current manpage says (more explicitly):
     If group 0 (normally ``wheel'') has users listed then only those
     users can su to ``root''. It is not sufficient to change a user's
     /etc/passwd entry to add them to the ``wheel'' group; they must
     explicitly be listed in /etc/group. If no one is in the ``wheel''
     group, it is ignored, and anyone who knows the root password is
     permitted to su to ``root''.

The FreeBSD -CURRENT manpage doesn't mention wheel at all, referring the
reader to pam.conf to work out the semantics. I think this is a loss -
the defaults for su in pam.conf should at least be covered in the manpage.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to