Primary group wheel -- still cannot "su -"

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Primary group wheel -- still cannot "su -"

amarendra godbole
Hi,

I recently installed 4.5 from the CD, and while adding user "amar", I
set the primary group to wheel. But now when I try to do a "su -", I
am kicked out for not being in group wheel. Though FAQ 10.1 says that
one has to be manually added to group wheel if su - is needed, does it
mean that folks having primary group as wheel are denied? Did I miss
something very obvious?

Here is the transcript:
==========================================
$ id
uid=1001(amar) gid=0(wheel) groups=0(wheel)
$ su -
Password:
you are not in group wheel
Sorry
$ dmesg | head -10
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 2.40GHz ("GenuineIntel" 686-class) 2.39 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 4026040320 (3839MB)
avail mem = 3913691136 (3732MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/25/03, BIOS32 rev. 0 @
0xffe90, SMBIOS rev. 2.3 @ 0xfb290 (56 entries)
bios0: vendor Dell Computer Corporation version "A05" date 06/25/2003
bios0: Dell Computer Corporation PowerEdge 1750
$
==========================================

Thanks.

-Amarendra

Reply | Threaded
Open this post in threaded view
|

Re: Primary group wheel -- still cannot "su -"

Theo de Raadt
> I recently installed 4.5 from the CD, and while adding user "amar", I
> set the primary group to wheel. But now when I try to do a "su -", I
> am kicked out for not being in group wheel. Though FAQ 10.1 says that
> one has to be manually added to group wheel if su - is needed, does it
> mean that folks having primary group as wheel are denied? Did I miss
> something very obvious?
>
> Here is the transcript:
> ==========================================
> $ id
> uid=1001(amar) gid=0(wheel) groups=0(wheel)
> $ su -
> Password:
> you are not in group wheel

I don't know why it is so difficult to read the manual pages

% man su


     If group 0 (normally ``wheel'') has users listed then only those users
     can su to ``root''.  It is not sufficient to change a user's /etc/passwd
     entry to add them to the ``wheel'' group; they must explicitly be listed
     in /etc/group.  If no one is in the ``wheel'' group, it is ignored, and
     anyone who knows the root password is permitted to su to ``root''.

Reply | Threaded
Open this post in threaded view
|

Re: Primary group wheel -- still cannot "su -"

amarendra godbole
On Fri, Jul 31, 2009 at 10:22 AM, Theo de Raadt<[hidden email]>
wrote:

>> I recently installed 4.5 from the CD, and while adding user "amar", I
>> set the primary group to wheel. But now when I try to do a "su -", I
>> am kicked out for not being in group wheel. Though FAQ 10.1 says that
>> one has to be manually added to group wheel if su - is needed, does it
>> mean that folks having primary group as wheel are denied? Did I miss
>> something very obvious?
>>
>> Here is the transcript:
>> ==========================================
>> $ id
>> uid=1001(amar) gid=0(wheel) groups=0(wheel)
>> $ su -
>> Password:
>> you are not in group wheel
>
> I don't know why it is so difficult to read the manual pages
>
> % man su
>
>
>     If group 0 (normally ``wheel'') has users listed then only those users
>     can su to ``root''.  It is not sufficient to change a user's
/etc/passwd
>     entry to add them to the ``wheel'' group; they must explicitly be
listed
>     in /etc/group.  If no one is in the ``wheel'' group, it is ignored, and
>     anyone who knows the root password is permitted to su to ``root''.
[...]

Ouch! Caught in the wrong foot -- I read everything but the man page.
:-[ So I did miss something very *obvious*.

-Amarendra

Reply | Threaded
Open this post in threaded view
|

Re: Primary group wheel -- still cannot "su -"

Francesco Vollero
In reply to this post by Theo de Raadt
Theo de Raadt ha scritto:

>> I recently installed 4.5 from the CD, and while adding user "amar", I
>> set the primary group to wheel. But now when I try to do a "su -", I
>> am kicked out for not being in group wheel. Though FAQ 10.1 says that
>> one has to be manually added to group wheel if su - is needed, does it
>> mean that folks having primary group as wheel are denied? Did I miss
>> something very obvious?
>>
>> Here is the transcript:
>> ==========================================
>> $ id
>> uid=1001(amar) gid=0(wheel) groups=0(wheel)
>> $ su -
>> Password:
>> you are not in group wheel
>>    
>
> I don't know why it is so difficult to read the manual pages
>
>  
Please, Theo, dont be silly! Why using man when you can ask to a mailing
list for free? :)


> % man su
>
>
>      If group 0 (normally ``wheel'') has users listed then only those users
>      can su to ``root''.  It is not sufficient to change a user's /etc/passwd
>      entry to add them to the ``wheel'' group; they must explicitly be listed
>      in /etc/group.  If no one is in the ``wheel'' group, it is ignored, and
>      anyone who knows the root password is permitted to su to ``root''.