Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-06-2012, 06:37 AM   #1
Registered: Dec 2007
Posts: 71

Rep: Reputation: 16
Root ownership vs wheel ownership

Hi everyone,

I am running some security reviews on a suite of RHEL5 servers and one of the findings is that /etc/init.d/nails is owned by wheel rather than root, sys, bin, adm, other, or system (isn't wheel part of "other" anyway? lol)

What are the security implications of having something like this owned by wheel vs being owned by root? There is no one in the wheel group who shouldn't be there; I just would like to understand what the difference is and why these scripts think it's a finding. There were several other directories and even log files that were owned by wheel instead of root or one of the other users mentioned and they came up as findings too. I have changed those without any ill effects. From what I understand, the wheel group is just a collection of users who are allowed to sudo, so isn't that essentially the same thing as being owned by root, other than the fact that potentially other users who are allowed to sudo could also do the same things root can?

I just don't really see the issue, since I would hope that people only put users they trust in the wheel group. Another set of findings shows that the "wheel group is the group owner of multiple rc files."

This is a high-security environment so maybe the tools are just excessively paranoid, but why do they seem to hate the wheel group so much? Maybe someone with more fundamental or technical unix security knowledge can shed some light on this.

Any ideas?


Last edited by StupidNewbie; 08-06-2012 at 06:40 AM.
Old 08-06-2012, 07:49 AM   #2
LQ Newbie
Registered: Aug 2011
Location: Tampa, Florida
Distribution: Ubuntu
Posts: 4

Rep: Reputation: Disabled
Wheel is just a user group normally used by FreeBSD. Admin is usually added to the wheel group and root / administrator writes are usually awarded to whoever you put in that group. (as you said) However when you try to remote (ssh) into the server you will not be able to login as root. You will have to login as admin or another user you have in the wheel group.

It is pretty much the same thing as giving root or sudo privileges to a user and denying or turning off root access to the server. At least over ssh.
Old 08-08-2012, 12:52 PM   #3
Registered: Dec 2007
Posts: 71

Original Poster
Rep: Reputation: 16
Ok, thanks for the response. It turns out the tools are just a little paranoid. I changed the ownership of the files/directories it was complaining about to root:root and now it likes it, lol.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Non-root user set ownership for others... Meson Linux - Security 8 10-11-2008 07:36 PM
Root file ownership problems AF_user Linux - Newbie 5 10-10-2008 01:08 PM
Partition ownership user or root drudge Linux - General 4 09-22-2007 11:29 AM
apache doc root ownership lt_wentoncha Linux - Software 3 06-30-2006 04:54 PM
I've tried everything - Can't Change Root Ownership of USB HD rrrssssss Linux - Newbie 5 11-24-2005 04:52 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:24 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration