[Mageia-dev] msec su for wheel

Colin Guthrie mageia at colin.guthr.ie
Fri Dec 14 10:47:30 CET 2012


'Twas brillig, and Richard Couture at 14/12/12 01:10 did gyre and gimble:
> While teaching a class in administration of GNU Linux using Mageia I
> noted that when setting ENABLE_PAM_WHEEL_FOR_SU in msec that neither the
> group nor the permissions of the exec su were changed.
> 
> [rrc at pwyr ~]$ ls -al $( which su )
> -rwsr-xr-x 1 root root 34904 Jun  9  2012 /bin/su*
> 
> to my way of thinking, this option should change su as follows
> -rwsr-xr-- 1 root wheel 34904 Dec 12 2012 /bin/su*

So this would prevent user A su'ing to user B. I'm not sure that's
desired behaviour.

e.g. I quite often do "su - test" to become my test user.

The setting AFAIU only prevents users su'ing to root when not in the
wheel group, not su'ing to other users.

Col


-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/


More information about the Mageia-dev mailing list