Why GNU su does not support the “wheel” group
13 September 2007 – 7:46 pm by wg
[Insert IMHO disclaimer] This is quite possibly the worst reason for doing anything, ever:
(From the GNU su man page)
22.5.1 Why GNU su does not support the “wheel” group
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn’t know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The “wheel group” feature would make this impossible, and thus cement the power of the rulers.
I’m on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.
Argh.

3 Responses to “Why GNU su does not support the “wheel” group”
No, that’s completely retarded; no IMHO required.
By Ceri Davies on Sep 14, 2007
Of course Solaris su doesn’t support it either.
So typically admins resort to making it executable only by members of the wheel/root group…
(Which doesn’t help anyone wanting to switch user to non-root, but hey..)
Nowadays we can just make root a role, of course, and control access to it that way.
By James Grinter on Sep 27, 2007