Yep Thnx, i found this link that was very helpfull after some search: http://www.faqs.org/docs/securing/chap5sec43.html and this nice link to pam information: http://www.phptr.com/articles/article.asp?p=165226&seqNum=1 Thnx Again for your help!. On 01/09/05, Ted Harding <Ted.Harding@nessie.mcc.ac.uk> wrote:
On 01-Sep-05 Frank Bax wrote:
At 07:36 AM 9/1/05, daniel parkes wrote:
i Was wondering what is the use of the wheel group in suse systems??, in freebsd it has guid 0 and only people that are members of the wheel group can su to root.
Does it have any similar use in suse, it has guid 10 so i cant really see if it has any use out of the box??
Can someone tell me how u can configure the system so only people in the wheel group ca su to root, whitout using sudo.
man su - last line directs reader to "info su" where last section says "GNU 'su' does not support 'wheel' group.".
More precisely, it says "Why GNU 'su' does not support 'wheel' group."
And the reason is that Richard Stallman does not like it, considering this use of it to be indemocratic and dictatorial. All users should have equal rights.
I happen to disagree with this as a general proposition. In environments where there are many users (in the sense of different people), it's very wise to limit root access to those who know what they're doing.
The latter could be a set of different people, or a single person with several accounts on the system. Granted, any such user could simply log in as root from scratch on a new login prompt. However, it may often be more convenient to 'su' from the account one has already logged in to. So there is a point to su+wheel.
The main justification for Stallman's argument (that all users should have equal rights, and someone who learns the root password should have the right to leak it to others, which would be rendered ineffective by the restriction to members of 'wheel') is in my mind overturned by the fact of life that for many systems you wouldn't want this to be possible!
Best wishes to all, Ted.
-------------------------------------------------------------------- E-Mail: (Ted Harding) <Ted.Harding@nessie.mcc.ac.uk> Fax-to-email: +44 (0)870 094 0861 Date: 01-Sep-05 Time: 15:33:20 ------------------------------ XFMail ------------------------------
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com