Subject: Re: su(1) group wheel restriction
To: Chad Mynhier <firstname.lastname@example.org>
From: Greg Hudson <ghudson@MIT.EDU>
Date: 01/09/1997 10:30:34
> What is the difference between adding a user to /etc/su.conf and
> adding the user to the wheel group? It seems that the only real
> difference between the two is the ability to put '*' in
Precisely. The only reason to retain the meaning of group wheel at
all, in this scheme, would be for backward compatibility.
> This may be a naive question, but is the root password known by so
> many people at your site that it's easier to let anyone su than to
> add specific people to the wheel group?
There are a bunch, but it's more a combination of:
* No other operating system we use has the restriction; that
is, we are used to restricting root access based on "what
you know" rather than by both "what you know" and "who you
* There are other, more laborious ways for these people to get
root access to the machines in question.
* The multi-user security of a given workstation is less
important in our environment, so the tradeoff favors the
"weaker security" of disabling the group wheel restriction.