# su root



## killerkim (Jan 18, 2011)

hello Forum,

I am wondering about the behaviour in my terminal. As a normal user, I normally can only switch to root if I am in the wheel group. But when I check my group association with "groups", I am currently only in my own user group (groups gives me "killerkim" only in the shell). Why can I still switch to root? I must say, I have switched the user into the wheel group, but used *pw groupmod* to cancel the group membership for security reasons.


----------



## SirDice (Jan 18, 2011)

You need to log out and back in again for the 'new' group memberships to activate. Same deal when removing groups.


----------



## killerkim (Jan 19, 2011)

I did log out and restart, etc. I can still su as root, although I am not in the group "wheel". Could it be a bug perhaps? How can I see, which members the group "wheel" has?


----------



## Beastie (Jan 19, 2011)

killerkim said:

> How can I see, which members the group "wheel" has?


`% grep wheel /etc/group`


----------



## SirDice (Jan 19, 2011)

Also check /etc/pam.d/su:

```
# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
auth            include         system
```


----------



## SirDice (Jan 19, 2011)

killerkim said:

> How can I see, which members the group "wheel" has?
> 
> 
> 
> ...



Or `pw groupshow wheel`



----------



## killerkim (Jan 20, 2011)

SirDice said:

> Also check /etc/pam.d/su:
> 
> ```
> # auth
> ...



I have the same lines in my /etc/pam.d/su file. `pw groupshow wheel` gives me `wheel:*:0:`
Does the star mean, that everyone can su as root?

thx


----------



## killerkim (Jan 20, 2011)

I am still wondering, because the handbook says, that only members from the wheel membership can su as root?


----------



## Beastie (Jan 20, 2011)

killerkim said:

> `pw groupshow wheel` gives me `wheel:*:0:`


And after that? Don't you have *root*?



			
killerkim said:

> Does the star mean, that everyone can su as root?


No, it stands for the group's "password".



			
killerkim said:

> I am still wondering, because the handbook says, that only members from the wheel membership can su as root?


That's right.


----------



## killerkim (Jan 20, 2011)

@Beastie: I don't want my user to be able to switch to root. But he can still su as root, although he is not in the wheel group.


----------



## Beastie (Jan 20, 2011)

You haven't answered my question: do you have *root* after `wheel:*:0:` (i.e. `wheel:*:0:root,...`) or not? It's possible /etc/group is corrupt. Just a wild guess...


----------



## killerkim (Jan 21, 2011)

Beastie said:

> You haven't answered my question: do you have *root* after `wheel:*:0:` (i.e. `wheel:*:0:root,...`) or not? It's possible /etc/group is corrupt. Just a wild guess...



No, there is only `wheel:*:0:`

Not `wheel:*:0:root`

?? Seems my group file is corrupt?


----------



## killerkim (Jan 21, 2011)

I now tried


```
pw groupmod wheel -m root
```

Now the wheel entry in the group file is

```
wheel:*:0:root
```

My normal users can't su as root anymore.


----------



## SirDice (Jan 21, 2011)

From pam_group(8):


> *fail_safe*  If the specified group does not exist, or has no members, act as if it does exist and the applicant is a member.


----------
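The condition this thread ends on (a `wheel` entry with an empty member list, combined with `fail_safe` on the `pam_group.so` line) can be checked for directly. The script below is an added example, not part of the original thread or of FreeBSD: `check_su_group` is a hypothetical helper, the sample files are constructed from the lines quoted above, and `wheel` is assumed as the group when no `group=` option is present.

```shell
#!/bin/sh
# check_su_group PAMFILE GROUPFILE   (hypothetical helper, not a FreeBSD tool)
# Prints OPEN if pam_group's fail_safe would admit every applicant because
# the group is missing or lists no members, ENFORCED if membership is really
# checked, NO_PAM_GROUP if there is no active pam_group auth line.
check_su_group() {
    pamfile=$1; groupfile=$2
    # First active auth line loading pam_group.so -> "<group> <yes|no>"
    parsed=$(awk '$1 == "auth" && $3 ~ /pam_group\.so$/ {
        g = "wheel"; fs = "no"          # wheel assumed when group= is absent
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^group=/) g = substr($i, 7)
            if ($i == "fail_safe") fs = "yes"
        }
        print g, fs; exit
    }' "$pamfile")
    [ -n "$parsed" ] || { echo NO_PAM_GROUP; return 0; }
    group=${parsed% *}; failsafe=${parsed#* }
    # Field 4 of a group(5) entry is the comma-separated member list.
    members=$(awk -F: -v g="$group" '$1 == g { print $4; exit }' "$groupfile")
    if [ -z "$members" ] && [ "$failsafe" = yes ]; then
        echo OPEN
    else
        echo ENFORCED
    fi
}

# Constructed sample files mirroring the thread: the same PAM line, and the
# wheel entry before and after `pw groupmod wheel -m root`.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# auth' \
    'auth sufficient pam_rootok.so no_warn' \
    'auth requisite pam_group.so no_warn group=wheel root_only fail_safe' > "$tmp/su"
printf 'wheel:*:0:\n' > "$tmp/group.before"
printf 'wheel:*:0:root\n' > "$tmp/group.after"

echo "before: $(check_su_group "$tmp/su" "$tmp/group.before")"
echo "after:  $(check_su_group "$tmp/su" "$tmp/group.after")"
```

On a live system the same function can be called as `check_su_group /etc/pam.d/su /etc/group`.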

