Jim DeLaHunt asked:
I am setting up a new server based on FreeNAS, a FreeBSD-based operating system. The system has a group,
wheel. I have a vague idea that sysadmins should be added to group
wheel, and that the group confers ability to use
su (superuser). However, I can’t find this written down anywhere.
What is the purpose of group
wheel? Under what circumstances I should add my users to it? If you can point me to a FreeBSD sysadmin handbook which explains this, great. Otherwise ServerFault becomes that handbook.
It’s right in the
su(1) man page.
PAM is used to set the policy su(1) will use. In particular, by default only users in the "wheel" group can switch to UID 0 ("root"). This group requirement may be changed by modifying the "pam_group" section of /etc/pam.d/su. See pam_group(8) for details on how to modify this set- ting.
A very ancient version of the man page said:
Only users who are a member of group 0 (normally "wheel") can su to "root". If group 0 is missing or empty, any user can su to "root".
This allows you to control which users can
su. It is not likely that you want every single user of your system to be able to
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.