I have rights for everything

LukynZ · 2010-02-23 12:13:44

I am not at any group at /etc/group, but I can play music, play games, manage networkmanager, print, log as root by su....is it normal???? I remember that I had to be at specific groups some time before, but after new installation few days back I can do anything....

Last edited by LukynZ (2010-02-23 12:14:09)

timong · 2010-02-23 12:21:16

LukynZ wrote:

I am not at any group at /etc/group, but I can play music, play games, manage networkmanager, print, log as root by su....is it normal???? I remember that I had to be at specific groups some time before, but after new installation few days back I can do anything....

what does
# id
tell you?

LukynZ · 2010-02-23 12:27:02

[lukas@lukyn ~]$ id
uid=1000(lukas) gid=100(users) groups=100(users)

JGC · 2010-02-23 12:37:08

When you log in with something that supports consolekit (kdm, gdm), udev will set ACLs for your user account on devicenodes. Membership of specific groups is no longer required these days.

LukynZ · 2010-02-23 12:40:33

Ah, thanks for explanation JGC. Now I am calm

Anikom15 · 2010-02-24 00:01:17

What do device nodes have to do with the wheel group?

n0dix · 2010-02-24 00:31:04

JGC wrote:

When you log in with something that supports consolekit (kdm, gdm), udev will set ACLs for your user account on devicenodes. Membership of specific groups is no longer required these days.

I didn't know that. Thanks for the information.

loafer · 2010-02-24 07:08:34

Anikom15 wrote:

What do device nodes have to do with the wheel group?

Where does the wheel group come into it? The OP says he is not a member of any groups (other than users).

Last edited by loafer (2010-02-24 07:08:47)

quantumphaze · 2010-02-24 10:07:39

You should be able to use su with minimal privileges since it's security relies on only authorised users knowing the root (or whoever) password.

I believe that you are thinking of sudo, which probably acts like a one-line-wonder version of su when the user isn't part of wheel.

LukynZ · 2010-02-24 11:02:10

I can use su and I am not wheel member

toad · 2010-02-24 11:09:24

What about tty1-6, brother? Can you su or use mplayer?

LukynZ · 2010-02-24 11:37:17

tty's...I can log with su and mplayer works but no visual movie

bangkok_manouel · 2010-02-24 11:41:30

LukynZ wrote:

I can use su and I am not wheel member

23.6.1 Why GNU su does not support the 'wheel' group
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.

source: http://www.gnu.org/software/coreutils/m … I-lab-2101

toad · 2010-02-24 11:57:51

Interesting thoughts, b_m, but I am yet to be convinced to hand out my user and root passwords, ip address and ssh port to all and sundry Other than that I don't get your post, but that is prolly 'cos I don't know enough about the wheel group...

@ LukynZ

Hm, and if you stop kdm/gdm/xdm/slim, log out and log in again, can you still play music?

bangkok_manouel · 2010-02-24 12:00:39

toad wrote:

Other than that I don't get your post, but that is prolly 'cos I don't know enough about the wheel group...

just to say that you do not need to be part of the wheel group to use su, which is not the case with BSD for example.

Misfit138 · 2010-02-24 13:52:26

Wheel group is for sudo..

toad · 2010-02-24 13:57:06

Ta to you both, learn something new every day...

bangkok_manouel · 2010-02-24 14:01:29

in fact, you don't need it for sudo neither

.:B:. · 2010-02-24 18:16:19

Misfit138 wrote:

Wheel group is for sudo..

No it ain't .

http://administratosphere.wordpress.com … eel-group/

Sudo is configured by /etc/sudoers. I think sudo by default doesn't allow anybody to run stuff with root powers; you have to allow it explicitly.

Wheel was the group originally intended for restricting the use of su; it's still there, and you can still do it if you want.

broch · 2010-02-24 18:36:57

Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)

reason for passwordless su
members of a group that use su do not know root password
removing someone from privileged group (or deleting group) resolves any issues with su access

sudo has nothing to do with wheel group

When you log in with something that supports consolekit (kdm, gdm), udev will set ACLs for your user account on devicenodes. Membership of specific groups is no longer required these days.

if this is true then you have serious secuity problems. What about system (e.g. server) without GUI? Are you saying that one needs to set ACL for absolutely everything? I hope not.

Arch Linux

#1 2010-02-23 12:13:44

I have rights for everything

#2 2010-02-23 12:21:16

Re: I have rights for everything

#3 2010-02-23 12:27:02

Re: I have rights for everything

#4 2010-02-23 12:37:08

Re: I have rights for everything

#5 2010-02-23 12:40:33

Re: I have rights for everything

#6 2010-02-24 00:01:17

Re: I have rights for everything

#7 2010-02-24 00:31:04

Re: I have rights for everything

#8 2010-02-24 07:08:34

Re: I have rights for everything

#9 2010-02-24 10:07:39

Re: I have rights for everything

#10 2010-02-24 11:02:10

Re: I have rights for everything

#11 2010-02-24 11:09:24

Re: I have rights for everything

#12 2010-02-24 11:37:17

Re: I have rights for everything

#13 2010-02-24 11:41:30

Re: I have rights for everything

#14 2010-02-24 11:57:51

Re: I have rights for everything

#15 2010-02-24 12:00:39

Re: I have rights for everything

#16 2010-02-24 13:52:26

Re: I have rights for everything

#17 2010-02-24 13:57:06

Re: I have rights for everything

#18 2010-02-24 14:01:29

Re: I have rights for everything

#19 2010-02-24 18:16:19

Re: I have rights for everything

#20 2010-02-24 18:36:57

Re: I have rights for everything

Board footer