Re: GNU su and the wheel group
From: jpd (read_the_sig_at_do.not.spam.it)
Date: Tue, 28 Sep 2004 08:23:32 +0000 (UTC)
On 2004-09-27, Chris Adams <firstname.lastname@example.org> wrote:
> Once upon a time, jpd <email@example.com> said:
>>Note that you can re-introduce a crippled version of the wheel
>>restriction through pam. Cripple because, pam_wheel only checks for
>>wheel, it does not check for `destination root', so it breaks _all_
> Cite? I've been using pam_wheel for years, and I'm pretty sure it only
> looks at attempts to auth to root by default.
The bunch of people loudly complaining ``it doesn't work''. Altough the
documentation talks about letting /su to root/, there are no options to
change target user, and the code doesn't appear to check for target uid.
This is probably a much more recent version that the versions I've been
There is a comment ``/* su to a uid 0 account ? */'' but I don't see how
the code below it relates to checking for an actual target uid of 0. The
``pwd'' that is being filled in doesn't appear to be used afterwards.
Admittedly, my knowledge of the inner workings of pam is limited, so I
might easily be mistaken. But if so, I don't see it.
-- j p d (at) d s b (dot) t u d e l f t (dot) n l .