On Sun, Apr 10, 2011 at 10:08 AM, Alan McKinnon
<alan.mckinnon@gmail.com> wrote:
Apparently, though unproven, at 16:28 on Sunday 10 April 2011, Dale did opine
thusly:
> > That was it! I've now got su-ability from that normal user.
> >
> > Funny, though, on my (very) old Debian system I don't seem to have a
> > wheel.
> >
> > Thanks.
> >
> >> Best regards,
> >> Yann
>
> I think that is a Gentoo thing. It does add some security if you don't
> want a user, like maybe some little kid, getting root access for any
> reason.
The BSD's for example have had it since forever - members of the wheel group
being allowed to sudo anything only came along much later.
Leaving it *out* is a Linux-distro thing, probably from the usual usage case
for Linux for many years - a server on the web that actually only had one user
even though it was capable of being fully multi-user. The concept of wheel for
su is pretty redundant in that case.
--
alan dot mckinnon at gmail dot com
Wheel has nothing to do with su; it has everything to do with sudo, but only if /etc/sudoers is edited to allow the Wheel group sudo access. Su is for changing to a different user, or running a command as another user; doing either requires the password of that user; sudo, on the other hand, only requires your password, if you're in the wheel group and the wheel group is given full sudo access, and the sudo access for wheel requires your password.
Some examples, assuming your user (the one you're logged in as) is in wheel and requires a password for sudo access (see: visudo):
sudo su <--- escalates you to root user with your own password. This is running "su" with "sudo".
su user <--- switches to "user" with their password required to be entered
sudo su user < -- switch to "user" with your password required to be entered
sudo <command> <-- runs command as root
sudo -u user <command> <--- runs command as "user"
sudo su - user <--- escalates you to "user" and cd's to their home directory
Please read the man pages for sudo and su for more info.