History – Origin of the ‘Wheel’ Group Name

grouphistorysusudo

The wheel group on *nix computers typically refers to the group with some sort of root-like access. I've heard that on some *nixes it's the group of users with the right to run su, but on Linux that seems to be anyone (although you need the root password, naturally). On Linux distributions I've used it seems to be the group that by default has the right to use sudo; there's an entry in sudoers for them:

%wheel ALL=(ALL) ALL

But that's all tangential; my actual question is: Why is this group called wheel? I've heard miscellaneous explanations for it before, but don't know if any of them are correct. Does anyone know the actual history of the term?

Best Answer

The Jargon File has an answer which seems to agree with JanC.

wheel: n. [from slang ‘big wheel’ for a powerful person] A person who has an active wheel bit...The traditional name of security group zero in BSD (to which the major system-internal users like root belong) is ‘wheel’...

A wheel bit is also helpfully defined:

A privilege bit that allows the possessor to perform some restricted operation on a timesharing system, such as read or write any file on the system regardless of protections, change or look at any address in the running monitor, crash or reload the system, and kill or create jobs and user accounts. The term was invented on the TENEX operating system, and carried over to TOPS-20, XEROX-IFS, and others. The state of being in a privileged logon is sometimes called wheel mode. This term entered the Unix culture from TWENEX in the mid-1980s and has been gaining popularity there (esp. at university sites).

Related Solutions

KDE – Using Sudo on GUI Applications in Arch Linux

This looks like an intentional configuration in Arch Linux. See this for discussion with links to solutions.

The best tip there seems to be adding "DISPLAY XAUTHORITY" to to the "env_keep" defaults in /etc/sudoers.

Fedora has in /etc/sudoers the following and this allows sudo somexapp to succeed.

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Allow AD Groups to SUDO in Fedora

Several months after you asked but the correct answer is that you remove all domain information from the group. All the information is set and extracted by SSSD automatically.

The only flaw I see in some of your examples is that you escaped the space with a ^.

An AD group of Enterprise Admins would have a sudoers line that starts with

%Enterprise\ Admins

For example, if your domain is example.com, then the sudoers line looks like

%Enterprise\ Admins@example.com ALL=(ALL) ALL

You can verify this by looking calling getent on the group.

getent group Enterprise\ Admins

Best Answer

Related Solutions

KDE – Using Sudo on GUI Applications in Arch Linux

Allow AD Groups to SUDO in Fedora

Related Question