From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] su doesn't work for me.
Date: Mon, 11 Apr 2011 00:48:24 +0200
Message-Id: <201104110048.24436.alan.mckinnon@gmail.com>

Apparently, though unproven, at 00:32 on Monday 11 April 2011, Mark Shields did
opine thusly:

> On Sun, Apr 10, 2011 at 10:08 AM, Alan McKinnon wrote:
> > Apparently, though unproven, at 16:28 on Sunday 10 April 2011, Dale did
> > opine thusly:
> > > > That was it! I've now got su-ability from that normal user.
> > > >
> > > > Funny, though, on my (very) old Debian system I don't seem to have a
> > > > wheel.
> > > >
> > > > Thanks.
> > > >
> > > >> Best regards,
> > > >> Yann
> > >
> > > I think that is a Gentoo thing. It does add some security if you don't
> > > want a user, like maybe some little kid, getting root access for any
> > > reason.
> >
> > No, it's pretty standard across Unix.
> >
> > The BSDs for example have had it since forever - members of the wheel
> > group being allowed to sudo anything only came along much later.
> >
> > Leaving it *out* is a Linux-distro thing, probably from the usual usage
> > case for Linux for many years - a server on the web that actually only
> > had one user even though it was capable of being fully multi-user. The
> > concept of wheel for su is pretty redundant in that case.
> >
> >
> > --
> > alan dot mckinnon at gmail dot com
>
> Wheel has nothing to do with su; it has everything to do with sudo, but
> only if /etc/sudoers is edited to allow the Wheel group sudo access. Su
> is for changing to a different user, or running a command as another user;
> doing either requires the password of that user; sudo, on the other hand,
> only requires your password, if you're in the wheel group and the wheel
> group is given full sudo access, and the sudo access for wheel requires
> your password.
>
> Some examples, assuming your user (the one you're logged in as) is in wheel
> and requires a password for sudo access (see: visudo):
>
> sudo su <--- escalates you to root user with your own password. This is
> running "su" with "sudo".
> su user <--- switches to "user" with their password required to be entered
> sudo su user <-- switch to "user" with your password required to be
> entered
> sudo <-- runs command as root
> sudo -u user <--- runs command as "user"
> sudo su - user <--- escalates you to "user" and cd's to their home
> directory
>
> Please read the man pages for sudo and su for more info.

Mark,

You know better than that. Re-read my post, I said that *Unix*, most
especially the BSDs, have had a concept of wheel for, well, since almost when
Unix started. sudo came much later and for sudo, wheel is naturally a very
useful pre-existing thing to use.

If Linux distros, maintainers or the GNU folk chose to not implement wheel
membership as a prerequisite for su, then that's fine. They can do what they
want with their stuff but it doesn't change the fact that other operating
systems can, and do, do it differently.

I have read man su and man sudo. Many times. I see that the ones I have are
very Linux-centric. Google "wheel su" for more info, keeping in mind that
Linux != Unix

--
alan dot mckinnon at gmail dot com
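
Added example, not part of the thread or of any poster's message: a small audit that answers the two questions argued above for a given host, namely whether su itself is gated on wheel membership and whether sudoers grants %wheel access. It assumes Linux-PAM conventions (a pam_wheel.so auth line in the su PAM file, which the thread does not name); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Linux-PAM conventions: su's wheel requirement lives
# in /etc/pam.d/su as a pam_wheel.so auth line. Sample files are constructed.

# Print "yes" if an active auth line makes pam_wheel.so mandatory, else "no".
su_requires_wheel() {
    awk '
        /^[[:space:]]*#/ { next }    # a commented-out rule does not count
        $1 == "auth" && ($2 == "required" || $2 == "requisite") &&
            $3 ~ /pam_wheel\.so$/ { found = 1 }
        END { print (found ? "yes" : "no") }
    ' "$1"
}

# Print how sudoers treats %wheel: "password", "nopasswd" or "none".
wheel_sudo_rule() {
    awk '
        /^[[:space:]]*#/ { next }    # the shipped default is often commented
        $1 == "%wheel" { rule = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password" }
        END { print (rule ? rule : "none") }
    ' "$1"
}

# Constructed sample configs: one su stack gated on wheel, one not.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'auth sufficient pam_rootok.so' \
    'auth required pam_wheel.so use_uid' \
    'auth include system-auth' > "$tmp/su.wheel"
printf '%s\n' 'auth sufficient pam_rootok.so' \
    '#auth required pam_wheel.so use_uid' \
    'auth include system-auth' > "$tmp/su.open"
printf '%s\n' 'root ALL=(ALL) ALL' \
    '# %wheel ALL=(ALL) NOPASSWD: ALL' \
    '%wheel ALL=(ALL) ALL' > "$tmp/sudoers"

for f in su.wheel su.open; do
    echo "$f: wheel required for su? $(su_requires_wheel "$tmp/$f")"
done
echo "sudoers: %wheel rule = $(wheel_sudo_rule "$tmp/sudoers")"
```

The check reads only the file it is given; a stack pulled in through an include line has to be audited separately.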