Since privileges and privilege levels are important for any computer system, superusers like root have been part of the UNIX world since its beginning. However, such users possess great power over all matters of an operating system (OS). Because of this, there are mechanisms such as groups that can restrict which user accounts can escalate their session to superuser status.
In this tutorial, we’ll talk about the historical wheel group and its significance in modern Linux distributions. First, we go through a quick refresher on users and groups. After that, we explore the function of the wheel group. Finally, we ponder the origin and etymology of the group name.
2. Users and Groups
At its core, a user is no more than a user identifier (UID) as defined in a prespecified place within the OS. Still, Linux users can have many attributes, with the main ones being part of /etc/passwd:
By identifying the current user, rules and policies can be refined for any OS security mechanism:
- access control list (ACL)
- discretionary access control (DAC), such as regular and special permissions
Notably, one of the attributes above is the group of the user. In particular, this provides the main or primary group name, but users can be part of many groups. In fact, this is perhaps one of the more important features of this principal type.
Just like users, a group is just a group identifier (GID) and the mechanics behind it. However, groups have two properties:
- have their own privileges and permissions
- may contain multiple users
Because of these characteristics, a group helps assign multiple security rules to different users without going through them one by one.
For example, we can have the webadmins group with the respective full permissions over the web server document root and potentially some web configuration files. Adding users to that group would automatically enable them to access and configure different aspects of a website deployment.
3. wheel Group
Just like other groups in the system, the main function of wheel is to provide certain permissions to users that belong to it.
In particular, the wheel group should contain the only users who can elevate their session to that of a superuser or root. To enforce its function, we enable and configure a Pluggable Authentication Module (PAM):
$ cat /etc/pam.d/su
auth required pam_wheel.so
In fact, we can also enforce the reverse:
$ cat /etc/pam.d/su
auth required pam_wheel.so deny
Adding this line means we don’t allow any user in wheel to elevate their privileges to UID 0.
Finally, we can specify a different group name to function like this:
$ cat /etc/pam.d/su
auth required pam_wheel.so deny group=nonwheel
Now, users in nonwheel aren’t allowed to become root.
$ grep wheel /etc/group
Here, we check the /etc/group file for wheel via grep and verify it’s not present. Still, we can always create it since it’s just a regular principal. For instance, in Debian, the sudo group usually replaces wheel.
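To tie the PAM rule and the group file together, here is an added example (not part of the original tutorial) that parses the text of /etc/pam.d/su and /etc/group and reports which group gates su and who is listed in it. The function names and the sample file contents are constructed for illustration, and only supplementary members from /etc/group are considered, not primary groups from /etc/passwd:

```python
import re

# auth <control> <module> [options]; control may be a bracketed [k=v ...] form
RULE = re.compile(r"^\s*-?auth\s+(\[[^\]]*\]|\S+)\s+(\S*pam_wheel\.so)\b\s*(.*)$")

# Constructed sample files (not taken from a real host): no wheel group exists
PAM_SU_SAMPLE = """\
auth sufficient pam_rootok.so
#auth required pam_wheel.so deny
auth required pam_wheel.so use_uid
"""
GROUP_SAMPLE = """\
root:x:0:
sudo:x:27:alice,bob
webadmins:x:1001:carol
"""

def parse_pam_wheel(pam_text):
    """Return the first active pam_wheel auth rule as a dict, or None."""
    for raw in pam_text.splitlines():
        m = RULE.match(raw.split("#", 1)[0])  # drop comments first
        if m:
            opts = m.group(3).split()
            group = next((o[6:] for o in opts if o.startswith("group=")), None)
            return {"control": m.group(1), "deny": "deny" in opts, "group": group}
    return None

def parse_groups(group_text):
    """Map group name -> (gid, supplementary members) from /etc/group text."""
    groups = {}
    for line in group_text.splitlines():
        f = line.strip().split(":")
        if len(f) == 4 and f[2].isdigit():
            groups[f[0]] = (int(f[2]), {u for u in f[3].split(",") if u})
    return groups

def su_audit(pam_text, group_text):
    """Report which group gates su, in which mode, and who is listed in it."""
    rule = parse_pam_wheel(pam_text)
    if rule is None:
        return {"enforced": False}
    groups = parse_groups(group_text)
    name = rule["group"] or "wheel"
    if rule["group"] is None and "wheel" not in groups:
        # Without group=, pam_wheel uses the GID 0 group when wheel is absent
        name = next((g for g, (gid, _) in groups.items() if gid == 0), None)
    members = sorted(groups.get(name, (None, set()))[1])
    return {"enforced": True, "mode": "deny" if rule["deny"] else "allow",
            "group": name, "group_exists": name in groups, "members": members}
```

On the constructed sample, su_audit(PAM_SU_SAMPLE, GROUP_SAMPLE) reports the GID 0 group root with an empty member list, which is the situation to check for before enabling pam_wheel on a system that has no wheel group.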
4. wheel Group Name
There are different speculations about the origin and etymology of the wheel group name.
Perhaps one of the most prevalent and trusted interpretations is the slang term big wheel, meaning an important and powerful person. Supposedly, this term comes from World War II.
However, since there isn’t a single source of truth on the matter, other interpretations are also possible:
- steering wheel: where a machine is driven from
- wheel technology: origin (root) of smooth motion and inventor of the wheel
- cog: ensures a machine works
Further, some old operating systems like TENEX and TOPS-20 contain a special bit: wheel. The wheel bit enables the central processing unit (CPU) to run any privileged instruction. The term entered the UNIX world much later but is still used.
In this article, we talked about the wheel group, its function, and name origin.
In conclusion, whatever the origin, wheel is often still an important part of privilege and permissions management.