Hello, where are the privileges of groups specified? Like, I mean, what makes a member of the "wheel" group able to use sudo (after you edit the sudoers file), or a member of the "audio" group able to access the sound card? Is there a configuration file somewhere? If I create my own group, how do I specify what that group can do? And why do half the groups not do what they intuitively should allow the user to do (e.g. being a member of the power group alone does not allow a user to shut down, being a member of hal does not allow a user to mount disks without sudo, etc. etc.)?
I tried googling but it wasn't very successful. One-line replies in the form of hyperlinks are welcome! As are other one-line answers, and indeed detailed, in-depth responses that I may not understand...
I'm using common sense here to make a wild guess. So if I'm not mistaken, they're mostly hardcoded and their primary use is having access to files/resources/devices outside your home directory, which are owned by the respective groups.
I don't know about sudo, but usually a file is accessible to only a group because:
1) the file is owned by the group
2) members of that group have at least read permissions on that file
For example, my audio devices are owned by the audio group and the audio group is given read and write access.
See also the man pages for chown, chmod and chgrp. Hopefully you can extrapolate from there.
Aaah, I see. So there really is no definition of what a group can do, because it just depends on whether that group happens to own or be able to read a particular file or not. And I can just create any old group and chown the files I want that group to access to "define" what that group can do.
Interesting...so maybe the wheel group owns a weird file somewhere that lets you use sudo, or something?
Oh well, that makes more sense now anyway. Thanks for putting me on the right track!
The wheel group works because sudo and su check to see if the user belongs to wheel, if you have them configured that way:
/etc/sudoers
# This file MUST be edited with the 'visudo' command as root.
Defaults env_reset,tty_tickets,timestamp_timeout=0,insults
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
/etc/pam.d/su
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
/etc/group contains the group info (they probably check this file, but likely through a system call)
Last edited by thestinger (2010-11-15 23:45:34)
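The two mechanisms described in this thread (group ownership plus group permission bits on files, and a `%group` rule in sudoers) can be audited together. The following is an added example, not code from any poster; the function names are hypothetical, the sample text is the sudoers excerpt quoted above, and sudoers aliases, include files and ACLs are deliberately not handled.

```python
import os
import stat

# Sample input: the sudoers lines quoted in the thread above.
SAMPLE_SUDOERS = """\
# This file MUST be edited with the 'visudo' command as root.
Defaults env_reset,tty_tickets,timestamp_timeout=0,insults
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
"""

def sudo_rules_for_group(sudoers_text, group):
    """Return the sudoers rule lines whose user field is %group."""
    rules = []
    for line in sudoers_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "%" + group:
            rules.append(line.strip())
    return rules

def group_access(root, gid):
    """Map path -> group permission bits for entries under root owned by gid."""
    checks = (("r", stat.S_IRGRP), ("w", stat.S_IWGRP), ("x", stat.S_IXGRP))
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or cannot be examined
            if st.st_gid != gid or stat.S_ISLNK(st.st_mode):
                continue  # other group, or a symlink (its own bits mean nothing)
            bits = "".join(c if st.st_mode & m else "-" for c, m in checks)
            if bits != "---":
                found[path] = bits
    return found

if __name__ == "__main__":
    import grp
    print(sudo_rules_for_group(SAMPLE_SUDOERS, "wheel"))
    try:  # assumption: the system has an "audio" group, as in the thread
        audio_gid = grp.getgrnam("audio").gr_gid
    except KeyError:
        audio_gid = None
    if audio_gid is not None:
        for path, bits in sorted(group_access("/dev", audio_gid).items()):
            print(bits, path)
```

Running the same scan for a newly created group returns nothing until files are chgrp'ed to it, which is why a group has no privileges of its own.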