On Mon, Aug 8, 2011 at 11:05 AM, A J Stiles <de...@earthshod.co.uk> wrote: > On Monday 08 Aug 2011, Robert Isaac wrote: >> On Sat, Aug 6, 2011 at 12:32 PM, Karl Schmidt <k...@xtronics.com> wrote: >> > What groups does a desktop power-user need to belong to? >> >> Does it really matter when any user that has the root password can >> gain root privileges thanks to gnu su's inability to limit root >> privileges to a specific group? > > The idea is, by cunning use of groups, never to have to give out the root > password in the first place.
I understand that, however _all_ users can gain root with gnu su, effectively defeating the purpose of groups if you don't configure pam_wheel beyond its default. See section 23.6.1 of the 'su invocation' man page: http://www.gnu.org/software/coreutils/manual/html_node/su-invocation.html -- To UNSUBSCRIBE, email to debian-amd64-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cajbjnmughcjnoi2crbtbnsqgelawdapaz6jb7vwtpfw8xsq...@mail.gmail.com