Why GNU su does not support the `wheel' group
source link: https://ftp.gnu.org/old-gnu/Manuals/coreutils-4.5.4/html_node/coreutils_149.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GNU Core-utils
22.5 su: Run a command with substitute user and group id
su allows one user to temporarily become another user. It runs a
command (often an interactive shell) with the real and effective user
id, group id, and supplemental groups of a given user. Synopsis:
su [option]... [user [arg]...] |
If no user is given, the default is root, the super-user.
The shell to use is taken from user's passwd entry, or
`/bin/sh' if none is specified there. If user has a
password, su prompts for the password unless run by a user with
effective user id of zero (the super-user).
By default, su does not change the current directory.
It sets the environment variables HOME and SHELL
from the password entry for user, and if user is not
the super-user, sets USER and LOGNAME to user.
By default, the shell is not a login shell.
Any additional args are passed as additional arguments to the shell.
GNU su does not treat `/bin/sh' or any other shells specially
(e.g., by setting argv[0] to `-su', passing -c only
to certain shells, etc.).
su can optionally be compiled to use syslog to report
failed, and optionally successful, su attempts. (If the system
supports syslog.) However, GNU su does not check if the
user is a member of the wheel group; see below.
The program accepts the following options. Also see 2. Common options.
`-c command' `--command=command'
Pass command, a single command line to run, to the shell with
a -c option instead of starting an interactive shell.
`-f'
`--fast'
Pass the -f option to the shell. This probably only makes sense
if the shell run is csh or tcsh, for which the -f
option prevents reading the startup file (`.cshrc'). With
Bourne-like shells, the -f option disables file name pattern
expansion (globbing), which is not likely to be useful.
`-'
`-l'
`--login'
Make the shell a login shell. This means the following. Unset all
environment variables except TERM, HOME, and SHELL
(which are set as described above), and USER and LOGNAME
(which are set, even for the super-user, as described above), and set
PATH to a compiled-in default value. Change to user's home
directory. Prepend `-' to the shell's name, intended to make it
read its login startup file(s).
`-m'
`-p'
`--preserve-environment'
Do not change the environment variables HOME, USER,
LOGNAME, or SHELL. Run the shell given in the environment
variable SHELL instead of the shell from user's passwd
entry, unless the user running su is not the superuser and
user's shell is restricted. A restricted shell is one that
is not listed in the file `/etc/shells', or in a compiled-in list
if that file does not exist. Parts of what this option does can be
overridden by --login and --shell.
`-s shell'
`--shell=shell'
Run shell instead of the shell from user's passwd entry,
unless the user running su is not the superuser and user's
shell is restricted (see `-m' just above).
Why GNU su does not support the `wheel' group
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual
su mechanism, once someone learns the root password who
sympathizes with the ordinary users, he or she can tell the rest. The
"wheel group" feature would make this impossible, and thus cement the
power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.
This document was generated by Jeff Bailey on December, 28 2002 using texi2html
Recommend
-
98
The wheel group on *nix computers typically refers to the group with some sort of root-like access. I've heard that on some *nixes it's the group of users with the right to run su , but on...
-
16
Have you ever installed an application on a computer, a smartphone or your favourite smart device? Can you trust that it does its job instead of doing the opposite of what it displays on screen or, worse, compromise your...
-
11
Does Your Mouse Wheel Control the Volume in Windows 10? Here Is How to Stop It By Matthew Wallaker Published 15 hours ago If...
-
10
Object does not support property or method 'querySelector' in IE 10 advertisements I encounter a problem with IE 10 regarding its support. The...
-
4
why GNU grep is fast why GNU grep is fast Mike Haertel mike at d...
-
6
Why Java Does Not Support Destructor?In any programming language, whenever we declare and create an object it takes some bytes of memory in the heap memory. After the usage of the objects, we need to delete them from heap memory as they m...
-
5
PSVR2 is coming early 2023, but you won’t be able to play PSVR games on it
-
6
What Is Four-Wheel-Steer And Why Does Your Car Need It?
-
6
Closed Bug 1821733...
-
2
Why Has Figma Reinvented the Wheel With PostgreSQL?6 min read18 hours agoA few weeks ago, Figma published an
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK