On Mon, Aug 8, 2011 at 11:05 AM, A J Stiles <[email protected]> wrote: > On Monday 08 Aug 2011, Robert Isaac wrote: >> On Sat, Aug 6, 2011 at 12:32 PM, Karl Schmidt <[email protected]> wrote: >> > What groups does a desktop power-user need to belong to? >> >> Does it really matter when any user that has the root password can >> gain root privileges thanks to gnu su's inability to limit root >> privileges to a specific group? > > The idea is, by cunning use of groups, never to have to give out the root > password in the first place.
I understand that, however _all_ users can gain root with gnu su, effectively defeating the purpose of groups if you don't configure pam_wheel beyond its default. See section 23.6.1 of the 'su invocation' man page: http://www.gnu.org/software/coreutils/manual/html_node/su-invocation.html -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/cajbjnmughcjnoi2crbtbnsqgelawdapaz6jb7vwtpfw8xsq...@mail.gmail.com
