Subject: Re: su(1) group wheel restriction
To: Greg Hudson <>
From: Chad Mynhier <>
List: tech-userlevel
Date: 01/09/1997 10:25:23
Greg Hudson writes:
>It seems poor to me that the only way to configure a machine to allow
>arbitrary users to su to root is to give up having a name for group 0.
>Assuming we want to solve this problem, there are two solutions I can
>come up with:

>	* Create a new file in /etc (/etc/su.conf, whatever) which
>	  controls who can su to root.  If it doesn't exist, fall back
>	  to the old check.  If it does exist, it's, say, a list of
>	  usernames, one per line, with the username "*" matching all
>	  users.

	What is the difference between adding a user to /etc/su.conf
and adding the user to the wheel group?  It seems that the only real 
difference between the two is the ability to put '*' in /etc/su.conf.
This may be a naive question, but is the root password known by so many
people at your site that it's easier to let anyone su than to add specific
people to the wheel group?  (I realize that certain environments -- say,
an OS class run on a bunch of machine with no Internet connectivity -- 
may be this way.)

Chad Mynhier <>
Lab Engineer, CS Department        
University of Tennessee, Knoxville