
Re: group 'root' does not exist?!

On Sun, Sep 17, 2000 at 03:33:03AM +0200, Christian Pernegger wrote:
> Hi all!
> I'm playing with customizing PAM at the moment and want
> to restrict the use of 'su' to members of group 'root'
> by enabling the feature in /etc/pam.d/su.
> However, when I try to
> adduser myuser root
> it says group 'root' doesn't exist. (I checked in /etc/groups
> and /etc/gshadow, just to be sure - they're there all right.)

adduser can't distinguish group root from user root, it's a bug.

i would recommend against using group root for this purpose, instead
add a new group `wheel' and use that.  linux systems are simply not
set up for gid=0 to have members.  just look in /dev for all the crap
writable by group root.

on BSD systems group wheel membership gives you no extra access on the
filesystem (except for read access to a couple logs and config files,
that's it, no write).  unless you want to constantly chase permissions
around, use a separate wheel group instead.

for pam add this line to the top of your /etc/pam.d/su file:

auth        requisite   pam_wheel.so group=wheel debug

this works very well for me.  

Ethan Benson
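
Added example, not part of the original message: a small sh audit of the setup recommended above. It checks that the pam_wheel line is reached before any other "sufficient" auth module and that the gating group is not gid 0. The function names and default paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that su is gated by pam_wheel on a dedicated, non-gid-0 group.
# Function names are hypothetical; paths default to the live system files.

# Succeed if a "requisite"/"required" pam_wheel.so line with group=NAME is reached
# before any "sufficient" auth module other than pam_rootok.so (root itself).
su_restricted_to() {    # usage: su_restricted_to PAMFILE NAME
    awk -v g="group=$2" '
        $1 != "auth" && $1 != "-auth" { next }   # skip comments, blanks, other types
        $3 ~ /(^|\/)pam_wheel\.so$/ && ($2 == "requisite" || $2 == "required") {
            for (i = 4; i <= NF; i++) if ($i == g) ok = 1
            exit
        }
        # A sufficient module ahead of the gate could grant su without it.
        $2 == "sufficient" && $3 !~ /(^|\/)pam_rootok\.so$/ { exit }
        END { exit !ok }' "$1"
}

# Print field N (3 = gid, 4 = members) of NAME's entry in a group(5) file.
group_field() {         # usage: group_field GROUPFILE NAME N
    awk -F: -v g="$2" -v n="$3" '$1 == g { print $n; f = 1 } END { exit !f }' "$1"
}

audit_su() {            # usage: audit_su [PAMFILE] [GROUPFILE] [NAME]
    pam=${1:-/etc/pam.d/su}; grp=${2:-/etc/group}; name=${3:-wheel}
    if ! su_restricted_to "$pam" "$name"; then
        echo "FAIL: $pam does not gate su on pam_wheel.so group=$name"; return 1
    fi
    if ! gid=$(group_field "$grp" "$name" 3); then
        echo "FAIL: group $name not found in $grp"; return 1
    fi
    if [ "$gid" = 0 ]; then
        echo "FAIL: $name is gid 0, so members also get group-root file access"; return 1
    fi
    members=$(group_field "$grp" "$name" 4)
    echo "OK: su limited to $name (gid $gid, members: ${members:-none})"
}
```

Source the file and call audit_su with no arguments to check the live /etc/pam.d/su and /etc/group, or pass test copies of both files.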
