LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-19-2010, 02:36 PM   #1
Teleute
Member
 
Registered: Mar 2005
Posts: 62

Rep: Reputation: 16
Can I add a group of users to the wheel group?


I have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?

Thanks!
 
Old 05-19-2010, 06:38 PM   #2
jcomeau_ictx
LQ Newbie
 
Registered: Aug 2004
Location: Petaluma, CA, US
Distribution: Debian GNU/Linux squeeze/sid
Posts: 29

Rep: Reputation: 17
Sure there are ways, using scripting and
cron, but you are talking about some nasty ad-hockery. Occam would suggest you save "developers" for a time when you need a separate group for non-wheel developers, and just add people to wheel for now.
 
Old 05-19-2010, 07:36 PM   #3
Teleute
Member
 
Registered: Mar 2005
Posts: 62

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by jcomeau_ictx View Post
Sure there are ways, using scripting and
cron, but you are talking about some nasty ad-hockery. Occam would suggest you save "developers" for a time when you need a separate group for non-wheel developers, and just add people to wheel for now.

There are already many structures/permissions/etc... in place for that developers group, though, and changing them all would be brutal. Plus it's an NIS group. Basically, it has many purposes other than this...
 
Old 05-20-2010, 09:38 PM   #4
jcomeau_ictx
LQ Newbie
 
Registered: Aug 2004
Location: Petaluma, CA, US
Distribution: Debian GNU/Linux squeeze/sid
Posts: 29

Rep: Reputation: 17
Maybe a good use for FUSE then, but I haven't yet played with it myself, so I'm not sure if it would work. The steps ought to be: write a Python script using python-fuse to output the group file dynamically; rename /etc/group to be /etc/group.fuse; have your script create and handle /mnt/fuse/group based on /etc/group.fuse; and symlink /mnt/fuse/group to /etc/group.
 
Old 05-20-2010, 09:45 PM   #5
mac.tieu
Member
 
Registered: Jan 2010
Location: Vietnam
Distribution: Arch
Posts: 65

Rep: Reputation: 22
Quote:
Originally Posted by Teleute View Post
I have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?

Thanks!
There is an alternative way to archive: grant all permissions of 'wheel' group to 'developers' group ('/etc/sudoers', ...), I think.

MT.

Last edited by mac.tieu; 05-20-2010 at 09:47 PM.
 
Old 05-20-2010, 10:22 PM   #6
Teleute
Member
 
Registered: Mar 2005
Posts: 62

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by mac.tieu View Post
There is an alternative way to archive: grant all permissions of 'wheel' group to 'developers' group ('/etc/sudoers', ...), I think.

MT.
Holy crap...nice! One of those things where I'd never think of it, but it seems so simple I kick myself for having missed it. I'm giving this a try first thing tomorrow.
 
Old 05-21-2010, 05:30 PM   #7
Teleute
Member
 
Registered: Mar 2005
Posts: 62

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by Teleute View Post
Holy crap...nice! One of those things where I'd never think of it, but it seems so simple I kick myself for having missed it. I'm giving this a try first thing tomorrow.
I tried this and it didn't work - however, I did try doing it in /etc/pam.d/su (changed the line "auth required pam_wheel.so use_uid" to "auth required pam_wheel.so group=developers use_uid" and it worked. I did a reference to possibly doing this through pam_access instead, but I need to look into that more. It might be the way to go though, since I think with pam_wheel.so I can only send one group as a parameter, and there might be an occasion where more than one needs to be added...

Thanks for putting me on the right track!
 
Old 05-21-2010, 09:55 PM   #8
mac.tieu
Member
 
Registered: Jan 2010
Location: Vietnam
Distribution: Arch
Posts: 65

Rep: Reputation: 22
Quote:
Originally Posted by Teleute View Post
I tried this and it didn't work - however, I did try doing it in /etc/pam.d/su (changed the line "auth required pam_wheel.so use_uid" to "auth required pam_wheel.so group=developers use_uid" and it worked. I did a reference to possibly doing this through pam_access instead, but I need to look into that more. It might be the way to go though, since I think with pam_wheel.so I can only send one group as a parameter, and there might be an occasion where more than one needs to be added...

Thanks for putting me on the right track!
Which command did not work, 'sudo' or 'su'? I prefer to use 'sudo' command so I just modified 'sudoers' config file.

By the way, try modify your '/etc/pam.d/su' look like:
Code:
auth sufficient pam_wheel.so use_uid
auth sufficient pam_wheel.so group=developers use_uid
auth required pam_deny.so
Regards,
MT.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Security with regards to wheel group, and sudo users. jdaw Linux - Security 5 10-20-2008 07:29 AM
group: add complete group into other group max_mad SUSE / openSUSE 1 04-12-2006 01:43 AM
How do I make it so users have to be in the wheel group to su to root? abefroman Linux - Security 7 05-02-2005 01:02 AM
how do i add myself to the wheel group matneyc Linux - Software 4 01-09-2005 11:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration