Timeline for User added to wheel group, but can't su without password authentication
Current License: CC BY-SA 4.0
10 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 17, 2024 at 13:09 | vote | accept | einpoklum | ||
| Dec 17, 2024 at 13:02 | comment | added | einpoklum | @grawity: It is, and I am miffed by the high gid as well. On a very similar machine I see a gid of 497. I did add the group manually. | |
| Dec 17, 2024 at 13:01 | history | edited | einpoklum | CC BY-SA 4.0 | added 27 characters in body |
| Dec 17, 2024 at 11:47 | answer | added | larsks | timeline score: 1 | |
| Dec 17, 2024 at 10:57 | review | Close votes | |||
| Dec 17, 2024 at 11:05 | |||||
| Dec 17, 2024 at 10:52 | comment | added | grawity | Is that the only wheel group you have? (I'd expect it to have a lower GID...) Do you know for sure that your su implementation actually uses PAM? If it does, did you update both pam.d/su and pam.d/su-l for the two different su invocations? | |
| Dec 17, 2024 at 10:05 | history | edited | einpoklum | CC BY-SA 4.0 | added 18 characters in body |
| Dec 17, 2024 at 10:05 | comment | added | einpoklum | @Kusalananda: Typically, when you're in the wheel group, and you're already logged in as joeuser, you can su without further authenticating. Also, clarified that I don't mean becoming another non-root user, just plain su to be root (although impersonation also works without authentication, and you don't have to know their password). | |
| Dec 17, 2024 at 10:01 | comment | added | Kusalananda♦ | I don't know about PAM, but on the systems I'm used to, membership in the wheel group grants you access to su, but you still have to know the password of the user you are impersonating. I haven't really seen su being set up to grant passwordless access to another user's account (from non-root users). I would use doas or sudo for that. | |
| Dec 17, 2024 at 9:35 | history | asked | einpoklum | CC BY-SA 4.0 |