Re: Please verify these 2 OpenBSD Bugs (FAQ, adduser, login.conf)

[Otto Moerbeek <otto@drijf.net>]

On Sat, 1 Jan 2005, Matthias Kilian wrote:

> On Sat, Jan 01, 2005 at 11:04:30AM +0100, Otto Moerbeek wrote:
> > Again, read group(5). If the primary group is wheel, there's no need to 
> > add the user to the wheel group in /etc/group. It has always been this 
> > way, and su(1) works. /etc/group is used to record _secondary_ groups.
> 
> There's a little caveat with su(1), which may indeed cause some
> confusion:
> 
>   If group 0 (normally ``wheel'') has users listed then only those
>   users can su to ``root''.  It is not sufficient to change a user's
>   /etc/passwd entry to add them to the ``wheel'' group; they must
>   explicitly be listed in /etc/group.  If no one is in the ``wheel''
>   group, it is ignored, and anyone who knows the root password is
>   permitted to su to ``root''.

Thanks for mentioning that. I my mind the OP was talking about sudo(1), 
while the original question was about su(1), indeed.

Once again, it is shown that careful reading is required. But, as it 
seems, all questions posted by the OP are answered by the man pages
su(1) and group(5).

	-Otto