can't su as user
Micah Abrams
micah@neoplanet.com
Fri, 24 Nov 2000 01:51:56 -0700 (MST)
while it may be true that su doesn't support the wheel group, PAM
does. There is a PAM module called pam_wheel.so. Using this module it is
possible to limit su access to only those who are members of the wheel
group. So, assuming your su is compiled with PAM support you should have
no problem limiting su access to only those in the wheel group.
On Wed, 22 Nov 2000, Jason wrote:
>Bucky Goldstein wrote:
>>
>> Hello,
>>
>> I've just installed a distro that defaults to not letting users su
>>
>> I've added my user account to wheel in /etc/groups and created a group
>> named wheel in /etc/passwords
>> then put yes behind SU_WHEEL_ONLY yes in /etc/login.defs
>>
>> Still no su
>>
>> Does anybody know how I can get su to work?
>
>What su are you using???
>
>--
>
>
> Why GNU su does not support the wheel group (by Richard Stallman)
>Sometimes a few of the users try to hold total power over all the
>rest. For example, in 1984, a few users at the MIT AI lab decided to
>seize power by changing the operator password on the Twenex
>system and keeping it secret from everyone else. (I was able to
>thwart this coup and give power back to the users by patching the
>kernel, but I wouldn't know how to do that in Unix.)
>
> However, occasionally the rulers do tell someone. Under the usual su
>mechanism, once someone learns the root password who sympathizes with
>the ordinary users, he can tell the rest. The "wheel group" feature
>would make this impossible, and thus cement the power of the rulers.
>I'm on the side of the masses, not that of the rulers. If you
>are used to supporting the bosses and sysadmins in whatever they do,
>you might find this idea strange at first.
>
>
>
>