super user clone & x-server disabling

John_L_Jones@Dell.com John_L_Jones at Dell.com
Fri Aug 23 18:39:01 CDT 2002


Thanks for the clarification Phil. I was out in left field (out past the
backstop on this one...)

I wonder if RH 7.3 somehow does utilize the wheel group since there is a
wheel group created after
install in /etc/group....

John


-----Original Message-----
From: Philip Rowlands [mailto:phr at doc.ic.ac.uk]
Sent: Friday, August 23, 2002 4:54 PM
To: linux-poweredge at exchange.dell.com
Subject: RE: super user clone & x-server disabling


On Fri, 23 Aug 2002 John_L_Jones at dell.com wrote:

>I may be way out in left field on this but...
>
>On other Unix systems, you can add a user to the wheel group and then
should
>be able to function as root, but with a user name.
>
>Anyone correct me if I am wrong with this. I *believe* this is how it works
>on Solaris...

No. The wheel group is just a convention for "trusted users". It gives
no special privileges other than those the sysadmin chooses to bestow by
chgrp'ing files to wheel. RH73 ships with no such files.

For example, a common security measure is to put /bin/su in the wheel
group, then "chmod 4750 /bin/su". This can also be done to utilities
not usually SUID root, e.g. tcpdump.

There is no other magic that would allow a non-root wheel member to
chown files, manipulate network interfaces, bypass file permissions etc.


Cheers,

Phil


_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge at dell.com
http://lists.us.dell.com/mailman/listinfo/linux-poweredge
Please read the FAQ at http://lists.us.dell.com/faq or search the list
archives at http://lists.us.dell.com/htdig/




More information about the Linux-PowerEdge mailing list