super user clone & x-server disabling

Philip Rowlands phr at doc.ic.ac.uk
Fri Aug 23 16:54:00 CDT 2002


On Fri, 23 Aug 2002 John_L_Jones at dell.com wrote:

>I may be way out in left field on this but...
>
>On other Unix systems, you can add a user to the wheel group and then should
>be able to function as root, but with a user name.
>
>Anyone correct me if I am wrong with this. I *believe* this is how it works
>on Solaris...

No. The wheel group is just a convention for "trusted users". It gives
no special privileges other than those the sysadmin chooses to bestow by
chgrp'ing files to wheel. RH73 ships with no such files.

For example, a common security measure is to put /bin/su in the wheel
group, then "chmod 4750 /bin/su". This can also be done to utilities
not usually SUID root, e.g. tcpdump.

There is no other magic that would allow a non-root wheel member to
chown files, manipulate network interfaces, bypass file permissions etc.


Cheers,

Phil





More information about the Linux-PowerEdge mailing list