Windozer
Vectorite
Posts: 386
Have Vector Linux, Will Travel.
|
 |
« on: January 13, 2009, 06:12:05 pm » |
|
fiddling around with creating users, and wondered again about the User Group "Wheel Elite"...
what is it really?
thanks
- H
|
|
|
|
|
Logged
|
483,617th Registered Linux Snoozer
|
|
|
jklslvch
Member
Posts: 33
|
|
« Reply #1 on: January 17, 2009, 01:33:28 pm » |
|
i thiiiink users who can use sudo.. not positive tho
|
|
|
|
|
Logged
|
|
|
|
Windozer
Vectorite
Posts: 386
Have Vector Linux, Will Travel.
|
|
« Reply #2 on: January 17, 2009, 06:40:44 pm » |
|
Thank you for replying, jklslvch I was beginning to think this was going to fall off the map.  Anyone know? And why "wheel" ? |
|
|
|
|
Logged
|
483,617th Registered Linux Snoozer
|
|
|
|
caitlyn
|
|
« Reply #3 on: January 17, 2009, 06:59:52 pm » |
|
wheel is a holdover from UNIX in the dim and distant past. I'm not sure why it was named wheel. A user does NOT have to be a member of wheel to use sudo. Who can and cannot use sudo and what privileges they have is determined by the /etc/sudoers file. The purpose of wheel is to create a group of users who have some system administration privileges, in other words some subset of root privileges not allowed for ordinary users. sudo is one possible tool (and perhaps the best tool) for parsing out those privileges. A default /etc/sudoers file has a commented out line that looks like: #%wheel ALL=(ALL) ALL If you remove the # at the beginning of the line it becomes active. At that point any member of wheel has full root privileges if they use sudo. If you want to try this please remember that /etc/sudoers must be edited as root with the visudo commandy ONLY. visudo parses the file for correct syntax. If you use another editor you can seriously break sudo. Ubuntu does something different which, from my security professional paranoid perspective, is a really bad idea. It assigns the first standard user created sudo ALL privileges with the NOPASSWD option enabled. That bypasses wheel and effectively gives that user root privileges using sudo without ever having to enter a password. It's all very Windows-like and makes Ubuntu seem easier to use but it also leaves the door open for an unsophisticated user who knows just enough to be dangerous to do all sorts of nasty things to their system with little or no forethought. Anyway, sudo is an incredibly powerful tool. I even use it on my own personal systems because it logs the commands I enter prefixed by sudo. If I do something stupid at least I can go back to my logs and see what I did and fix it  Learning how sudo works is a very, very good idea. Putting yourself in the wheel group is an easy way to give yourself root privileges without having to use the actual root password and with the ability to log what you're doing. |
|
|
|
|
Logged
|
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)
Toshiba Satellite A135-S4727, Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950
HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2277
|
|
« Reply #4 on: January 17, 2009, 07:04:05 pm » |
|
Cait beat me to the punch, anyway this is what I wrote  Not sure why it is called wheel, but members of wheel will be able to login as another user using the su command. |
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
caitlyn
|
|
« Reply #5 on: January 17, 2009, 07:10:20 pm » |
|
What Rodrigo posted is certainly correct for VL but NOT necessarily for other Linux distros or UNIX builds. Who can or cannot use su is also configurable As you've probably figured out Linux can be customized to the nth degree. Anyway, I generally prefer sudo to su because I don't have to give out all of root privileges at once on a multiuser system. I can give out just bits and pieces. I also prefer it on my personal systems because of the logging feature. Going back to a security or sudo log has saved me on a couple of occasions. I don't care how brilliant you are and how much LInux you know you can still make mistakes. I sure do. |
|
|
|
|
Logged
|
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)
Toshiba Satellite A135-S4727, Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950
HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2277
|
|
« Reply #6 on: January 17, 2009, 07:20:17 pm » |
|
Of course, many Linux distros are not setting a wheel group at all these days. It is very easy to change that behavior, chown and chmod would do it, "necessarily" its a very relative term in *NIX |
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
EyesOnly
Member
Posts: 78
|
|
« Reply #7 on: January 18, 2009, 06:37:58 am » |
|
Thanks for that rundown Caitlyn. I'm sure Harry will agree with me when I say, "You learn something new everyday." Even for someone who's been banging away at the keyboard under various systems since 1980. (I just realised that this morning! YIKES!) Again, thank you kindly! I really do appreciate the wonderfully knowledgeable people we have on this forum believe me! Amicalement/Cheers! Eyes-Only "L'Peau-Rouge" |
|
|
|
|
Logged
|
"We never know just how much a kind word, or a gesture, will lift the spirits of a friend, or person, in need and heal them." (jimmymac)
|
|
|
Windozer
Vectorite
Posts: 386
Have Vector Linux, Will Travel.
|
|
« Reply #8 on: January 18, 2009, 09:43:07 am » |
|
Thanks, Rodrigo Thanks, Caitlyn - and again let me second EyesOnly on the great assistance! Such an excellent and detailed reply makes me wonder if you're not a sysadmin professionally? (If you don't mind me asking.) ...wheel is a holdover from UNIX in the dim and distant past. I'm not sure why it was named wheel. Well, I think I found the answer --- note the double-rounded Human Interface Device below:   |
|
|
|
|
Logged
|
483,617th Registered Linux Snoozer
|
|
|
kidd
Packager
Vectorian
Posts: 682
|
|
« Reply #9 on: January 18, 2009, 10:18:10 am » |
|
Great pic WinDoze. I've been looking at it for 10 minutes, reading and re-reading the text.
It's amazing how progress scales at a great speedup.
Scientists with best knowledge of technology 50 years ago couldn't even imagine some of the things that are happening now.
|
|
|
|
|
Logged
|
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2277
|
|
« Reply #10 on: January 18, 2009, 10:25:00 am » |
|
I have heard the emacs keybindings were inspired by that board What I really wonder is why they put a home computer prototype in a submarine |
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
caitlyn
|
|
« Reply #11 on: January 18, 2009, 12:43:51 pm » |
|
I have heard the emacs keybindings were inspired by that board What I really wonder is why they put a home computer prototype in a submarine Rodrigo you just don't get it. Living in a submarine will be all the rage by 2004. It will remain super popular until apartments at the Lunar Colony become more affordable. |
|
|
|
|
Logged
|
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)
Toshiba Satellite A135-S4727, Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950
HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
|
|
|
|
overthere
|
|
« Reply #12 on: January 18, 2009, 04:26:38 pm » |
|
Interesting pic..I worked at a console like that for a few years, the wall reminds me of rocky jones..all I had was a giant plotter...likely a few literal bugs plucked out of that...if it actually did anything...so wheel is for sub admins? not full access but enough to solve local issues
|
|
|
|
|
Logged
|
Everything Is Relative
|
|
|
Windozer
Vectorite
Posts: 386
Have Vector Linux, Will Travel.
|
|
« Reply #13 on: January 18, 2009, 04:51:14 pm » |
|
LOL Yeah, I love that picture. Surprised I found it so fast... well, indeed, google images is certainly one of the things they couldn't imagine 50 years ago. "Well, it will be like a world-sized phone book and Dick-Tracy wrist television combined with a great table of contents... all at your finger tips." First time I saw it in 2004, it reminded me of a nuclear reactor control room - with a 1960 T.V. hung precariously on the wall. >> wheel is for sub admins? And the smaller, inside wheel is obviously for fine tuned control... Yes, by 2004, the Submarine Apartment will be affordable by all --- maintenance costs will be low, with one exception: when you have to call the plumber to fix a leak.
 - Howard living in the low-down rent district ... glub glub glub ~~~ |
|
|
|
|
Logged
|
483,617th Registered Linux Snoozer
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2277
|
|
« Reply #14 on: January 19, 2009, 07:02:32 am » |
|
|
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
