Re: GNU su and the wheel group

From: jpd (
Date: 09/28/04

Date: Tue, 28 Sep 2004 08:23:32 +0000 (UTC)

On 2004-09-27, Chris Adams <> wrote:
> Once upon a time, jpd <> said:
>>Note that you can re-introduce a crippled version of the wheel
>>restriction through pam. Crippled because pam_wheel only checks for
>>wheel, it does not check for `destination root', so it breaks _all_
> Cite? I've been using pam_wheel for years, and I'm pretty sure it only
> looks at attempts to auth to root by default.

The bunch of people loudly complaining ``it doesn't work''. Although the
documentation talks about letting /su to root/, there are no options to
change target user, and the code doesn't appear to check for target uid.
This is probably a much more recent version than the versions I've been
(split URL)

There is a comment ``/* su to a uid 0 account ? */'' but I don't see how
the code below it relates to checking for an actual target uid of 0. The
``pwd'' that is being filled in doesn't appear to be used afterwards.

Admittedly, my knowledge of the inner workings of pam is limited, so I
might easily be mistaken. But if so, I don't see it.

  j p d (at) d s b (dot) t u d e l f t (dot) n l .
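
A small model of the two behaviours discussed in this thread, added here as an illustration (it is not pam_wheel's code and not from either participant): a wheel gate applied to every su versus one applied only when the target account has uid 0. The account data, the function names and the `only_for_root` switch are constructed for the example.

```python
# Constructed sample account data in passwd(5) and group(5) format.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:alt root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:10::/home/bob:/bin/sh
carol:x:1002:1002::/home/carol:/bin/sh
"""
GROUP = """\
wheel:x:10:alice
users:x:100:alice,carol
"""

def parse_passwd(text):
    """Map user name -> (uid, primary gid)."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 4:
            users[f[0]] = (int(f[2]), int(f[3]))
    return users

def parse_group(text):
    """Map group name -> (gid, set of explicitly listed members)."""
    groups = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 4:
            groups[f[0]] = (int(f[2]), {m for m in f[3].split(",") if m})
    return groups

def in_group(user, group, users, groups):
    """Membership by explicit listing or by primary gid (bob is only the latter)."""
    gid, members = groups[group]
    return user in members or users[user][1] == gid

def wheel_allows(caller, target, only_for_root):
    """True if the wheel gate lets `caller` go on to authenticate as `target`."""
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    # Decide on the target's uid, not its name, so uid 0 aliases are covered.
    if only_for_root and users[target][0] != 0:
        return True  # gate not applied: target is not a uid 0 account
    return in_group(caller, "wheel", users, groups)
```

With `only_for_root=False` the gate refuses carol's su to alice as well as to root, which is the "breaks all su" behaviour complained about; with `only_for_root=True` only the uid 0 targets (root and toor) are gated.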