From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Q93Cy-0003Lr-Cq for garchives@archives.gentoo.org; Sun, 10 Apr 2011 22:34:16 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 801161C0C8; Sun, 10 Apr 2011 22:32:51 +0000 (UTC) Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com [74.125.82.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 180101C0C8 for ; Sun, 10 Apr 2011 22:32:50 +0000 (UTC) Received: by wyi11 with SMTP id 11so6304501wyi.40 for ; Sun, 10 Apr 2011 15:32:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=W+rz+TdJ8KG9gPT9ArXW0D7BOx+0E9TPbniz47sYvik=; b=bK+Mo9/7Bigd1aQKn5g2qz3R64jtnhZNpcDwIGltEhQ560Oj4C/RlOaOckNbMsfEJh HhvBpiNo6kNKATUR54bYcuwq81zmmzdYlPUsOzEO5Wi4gP5H0BCfhBEgQ7sKU8adcZ99 7Yjfpf9ypWHtf3sx/zKU1bZ1lOYxbvlq+Cj1Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=oyKRdYQzoCsyBwCwfk94apoQ6nxftiSDInZSV5My9EK4hNG3pvrmj1SrCdkst3qn8J ZzvNA5Gqyc0YUOmqHE052jWo2F81uwdlW382YeeXbOiN8GPQkwVWkFDwdwy/1cq55E7W wU5iZt5V88GUICCkt6mNcsowpn5cI78w/TQtY= Received: by 10.227.174.79 with SMTP id s15mr4588964wbz.76.1302474770075; Sun, 10 Apr 2011 15:32:50 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.227.21.141 with HTTP; Sun, 10 Apr 2011 15:32:30 -0700 (PDT) In-Reply-To: <201104101708.01721.alan.mckinnon@gmail.com> References: <20110410132146.GA936@muc.de> <20110410142821.GB936@muc.de> <4DA1BE7F.3050800@gmail.com> <201104101708.01721.alan.mckinnon@gmail.com> From: Mark Shields Date: Sun, 10 Apr 2011 17:32:30 -0500 Message-ID: Subject: Re: [gentoo-user] su doesn't work for me. To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary=00248c0eef52ffd02c04a09809bb X-Archives-Salt: X-Archives-Hash: cf1e2acbabfe3f7b1592c6b351ab6474 --00248c0eef52ffd02c04a09809bb Content-Type: text/plain; charset=ISO-8859-1 On Sun, Apr 10, 2011 at 10:08 AM, Alan McKinnon wrote: > Apparently, though unproven, at 16:28 on Sunday 10 April 2011, Dale did > opine > thusly: > > > > That was it! I've now got su-ability from that normal user. > > > > > > Funny, though, on my (very) old Debian system I don't seem to have a > > > wheel. > > > > > > Thanks. > > > > > >> Best regards, > > >> Yann > > > > I think that is a Gentoo thing. It does add some security if you don't > > want a user, like maybe some little kid, getting root access for any > > reason. > > No, it's pretty standard across Unix. > > The BSD's for example have had it since forever - members of the wheel > group > being allowed to sudo anything only came along much later. > > Leaving it *out* is a Linux-distro thing, probably from the usual usage > case > for Linux for many years - a server on the web that actually only had one > user > even though it was capable of being fully multi-user. The concept of wheel > for > su is pretty redundant in that case. > > > -- > alan dot mckinnon at gmail dot com > > Wheel has nothing to do with su; it has everything to do with sudo, but only if /etc/sudoers is edited to allow the Wheel group sudo access. Su is for changing to a different user, or running a command as another user; doing either requires the password of that user; sudo, on the other hand, only requires your password, if you're in the wheel group and the wheel group is given full sudo access, and the sudo access for wheel requires your password. Some examples, assuming your user (the one you're logged in as) is in wheel and requires a password for sudo access (see: visudo): sudo su <--- escalates you to root user with your own password. This is running "su" with "sudo". su user <--- switches to "user" with their password required to be entered sudo su user < -- switch to "user" with your password required to be entered sudo <-- runs command as root sudo -u user <--- runs command as "user" sudo su - user <--- escalates you to "user" and cd's to their home directory Please read the man pages for sudo and su for more info. --00248c0eef52ffd02c04a09809bb Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Sun, Apr 10, 2011 at 10:08 AM, Alan McKinnon = <alan.mckin= non@gmail.com> wrote:
Apparently, though unproven, at 16:28 on Sunday 10 April 2011, Dale did opi= ne
thusly:

> > That was it! =A0I've now got su-ability from that normal user= .
> >
> > Funny, though, on my (very) old Debian system I don't seem to= have a
> > wheel.
> >
> > Thanks.
> >
> >> Best regards,
> >> Yann
>
> I think that is a Gentoo thing. =A0It does add some security if you do= n't
> want a user, like maybe some little kid, getting root access for any > reason.

No, it's pretty standard across Unix.

The BSD's for example have had it since forever - members of the wheel = group
being allowed to sudo anything only came along much later.

Leaving it *out* is a Linux-distro thing, probably from the usual usage cas= e
for Linux for many years - a server on the web that actually only had one u= ser
even though it was capable of being fully multi-user. The concept of wheel = for
su is pretty redundant in that case.


--
alan dot mckinnon at gmail dot com


Wheel has nothing to do with su; it= has everything to do with sudo, but only if /etc/sudoers is edited to allo= w the Wheel group sudo access. =A0Su is for changing to a different user, o= r running a command as another user; doing either requires the password of = that user; sudo, on the other hand, only requires your password, if you'= ;re in the wheel group and the wheel group is given full sudo access, and t= he sudo access for wheel requires your password. =A0

Some examples, assuming your user (the one you're l= ogged in as) is in wheel and requires a password for sudo access (see: visu= do):

sudo su =A0<--- escalates you to root user= with your own password. =A0This is running "su" with "sudo&= quot;.
su user <--- switches to "user" with their password=A0req= uired to be entered
sudo su user < -- switch to "user"= with your password required to be entered
sudo <command> <-- runs command as root
sudo -u use= r <command> <--- runs command as "user"
sudo s= u - user <--- escalates you to "user" and cd's to their ho= me directory

Please read the man pages for sudo and su for more info= .
--00248c0eef52ffd02c04a09809bb--