[SGVLUG] Security of using "wheel"...
Emerson, Tom (*IC)
Tom.Emerson at wbconsultant.com
Fri Dec 5 15:17:32 PST 2008
I suppose I should file this under "new things I learn even today..."
but as the majority of "linux" systems that I have /actually/ used are
glorified single-user systems, i.e., where "I" am the only actual "user"
configured as a non-root login account, I never really had an
opportunity to consider what the "wheel" group is on a Linux system...
A quick search of the net turned up this link:
http://administratosphere.wordpress.com/2007/07/19/the-wheel-group/
Which points out that the "GNU" version of su "does not support the
wheel group", and has a chunk of text from the "info" file, written by
Stallman, explaining why.
To this, I'd reply "fair enough, that would explain why I've never
really heard much about it". I seem to recall noticing that the "wheel"
group on an old system seemed to have "daemon" users in it [this might
have been a slackware distro, or perhaps freebsd which I ran once many
moons ago...] Of course, at this point it might be a fabricated memory
;)
In any case, a little deeper in the search I came across this:
http://www.cert.org/tech_tips/usc20_essentials.html
Which makes explicit mention as follows:
===============================
On systems that implement the /etc/login.access file, consider modifying
this file to disallow remote access to privileged accounts. An example
to disallow non-local logins to privileged accounts (group wheel):
-:wheel:ALL EXCEPT LOCAL
See also 2.10 /etc/login.access
===============================
Which would be a great and simple thing to do, however on my latest SuSE
system, "by default" the "wheel" group is actually empty, so the above
line wouldn't do a thing on my system.
Any thoughts or comments on this? I'd especially like to hear from
anyone who actively maintains a Unix or Linux system with more than
their own logon ID configured on it...
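
An added example, not part of the original post: a small audit that reads login.access-style rules and reports any that name a group with no listed members, which is the empty "wheel" situation described above. The sample file contents are constructed, the function names are hypothetical, and it assumes the classic login.access behaviour in which only members explicitly listed in /etc/group count (a user's primary group id is not consulted).

```python
# Added example. Both samples below are constructed, not taken from a real system.
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:
admin:x:100:alice,bob
"""
SAMPLE_ACCESS = """\
# constructed login.access content
-:wheel:ALL EXCEPT LOCAL
-:admin:ALL EXCEPT LOCAL
"""

def parse_group(text):
    """Map group name -> members explicitly listed in the 4th field of /etc/group."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # malformed entry, ignore
        groups[fields[0]] = [m for m in fields[3].split(",") if m]
    return groups

def audit_access(access_text, group_text):
    """Return (rule, group, members) for each group named in a rule's users field."""
    groups = parse_group(group_text)
    findings = []
    for line in access_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)  # permission : users : origins
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            continue
        for token in parts[1].split():
            if token in groups:
                findings.append((line, token, groups[token]))
    return findings

def noop_rules(access_text, group_text):
    """Rules whose group token matches nobody (assumes explicit membership only).
    A token that is also a login name would still match that one user."""
    return [(r, g) for r, g, members in audit_access(access_text, group_text) if not members]

if __name__ == "__main__":
    for rule, grp in noop_rules(SAMPLE_ACCESS, SAMPLE_GROUP):
        print(f"no effect: '{rule}' (group '{grp}' has no listed members)")
```

To check a real host, pass the contents of /etc/group and the system's login.access file to noop_rules() in place of the constructed samples.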