OK, I haven't given it much thought, but how does
having the wheel group mechanism make it impossible
to "thwart the rulers?"

Richard: "OK, here's my private key, the passphrase
to unlock my private key is ``password''. After you
authenticate as ``rms'', I'm in the wheel group, so
you can su to root using the root password, which
is ``root''. Have fun!" If you find a "sympathizer"
willing to give you the root password, then wouldn't
the sympathizer be willing to give you his own
password as well?

Of course, the rulers are BOFHs, so they would
quickly implement "buddy system" authentication
(luser1 authenticates using his login/password,
if this is successful then luser2 (who is designated
as a buddy of luser1) must provide his login/password
on the same tty within a short period of time; if
everything is A-OK, luser1 is granted access)
using OTP (One Time Passwords) and biometrics,
of course.

D

* On Wed, Nov 22, 2000 at 11:17:15PM -0700, Jason wrote:
> Bucky Goldstein wrote:
> >
> > Hello,
> >
> > I've just installed a distro that defaults to not letting users su
> >
> > I've added my user account to wheel in /etc/groups and created a group
> > named wheel in /etc/passwords
> > then put yes behind SU_WHEEL_ONLY yes in /etc/login.defs
> >
> > Still no su
> >
> > Does anybody know how I can get su to work?
>
> What su are you using???
>
> --
>
>
> Why GNU su does not support the wheel group (by Richard Stallman)
> Sometimes a few of the users try to hold total power over all the
> rest. For example, in 1984, a few users at the MIT AI lab decided to
> seize power by changing the operator password on the Twenex
> system and keeping it secret from everyone else. (I was able to
> thwart this coup and give power back to the users by patching the
> kernel, but I wouldn't know how to do that in Unix.)
>
> However, occasionally the rulers do tell someone. Under the usual su
> mechanism, once someone learns the root password who sympathizes with
> the ordinary users, he can tell the rest. The "wheel group" feature
> would make this impossible, and thus cement the power of the rulers.
> I'm on the side of the masses, not that of the rulers. If you
> are used to supporting the bosses and sysadmins in whatever they do,
> you might find this idea strange at first.
>
>
>
> --
> jkenner @ mindspring . com__
> I Support Linux: _> _ _ |_ _ _ _|
> Working Together To <__(_||_)| )| `(_|(_)(_|
> To Build A Better Future. |