The security policy enforced by the pam_wheel.so module is to grant the privilege of su'ing to "both root and non-root" only to people in a privileged group (default: the wheel group; if not found, the group with gid=0). I think it's overkill. The reasoning is as follows:

1. It should do just what it claims to do: "only permit root authentication to members of the wheel group", but no more. That is, leave non-root authentication alone.

2. Even if it's desirable to restrict su'ing to non-root, and to incorporate this function into pam_wheel, it should be implemented at a different level, perhaps by designing different arguments for pam_wheel. Su'ing to root has much more security concern than su'ing to general users. And the latter would be very convenient for two users who trust each other and share each other's passwords. The admin should not deprive them of their humble wish to do that. It's not related to wheel group membership. The policy is UNFAIR in that they are not allowed to su to each other just because they are not members of the wheel group, which has only to do with system maintenance they would never be interested in.

Yet another concern comes to me: what about su'ing to wheel members by non-wheel members? Should it be implemented in yet another different pam_wheel argument? Maybe it's good, maybe it's overkill on the other end.

Should I file a "bug" report? Or do I over-sympathize with the dummy users who are always messing things up?

Any suggestion and correction would be highly appreciated.

--KhoGuan Phuann

_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
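For reference, an added configuration example (not part of the original post) contrasting the two policies discussed above in an /etc/pam.d/su stack; it assumes a Linux-PAM release whose pam_wheel supports the root_only option, which later releases added for exactly this distinction.

```conf
# /etc/pam.d/su (added example, not from the original post)
#
# Policy A: the behaviour complained about above. Every su target,
# root or not, requires the calling user to be in the wheel group.
# use_uid checks the real uid of the caller rather than the login name
# from utmp, so a user who has already su'd cannot borrow another
# login's identity.
#auth    required   pam_wheel.so use_uid

# Policy B: restrict only su-to-root to wheel members; su between
# ordinary users falls through to the normal password check below.
# (root_only exists in later pam_wheel releases; verify with pam_wheel(8).)
auth     required   pam_wheel.so use_uid root_only

# Normal authentication for whatever target user is requested.
auth     include    system-auth
account  include    system-auth
session  include    system-auth
```

With policy B, an su from one non-wheel user to another is decided solely by the target user's password, while su to root still fails before the password prompt for anyone outside the wheel group; check the result in /var/log/secure (or auth.log), where pam_wheel logs the denial.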