Wheel Group originated in the TENEX OS, distributed, widely used in 1960s. Wheel Group has wheel account, has additional system privileges. UNIX Operating System and Unix-Like Operating Systems including (not all) GNU Linux, there are some differences. It must be noted that; GNU
su' does not support the wheel’ group. This is official text :
Why GNU `su' does not support the `wheel' group
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the
rest. For example, in 1984, a few users at the MIT AI lab decided to
seize power by changing the operator password on the Twenex system and
keeping it secret from everyone else. (I was able to thwart this coup
and give power back to the users by patching the kernel, but I wouldn't
know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual
`su' mechanism, once someone learns the root password who sympathizes
with the ordinary users, he or she can tell the rest. The "wheel
group" feature would make this impossible, and thus cement the power of
I'm on the side of the masses, not that of the rulers. If you are
used to supporting the bosses and sysadmins in whatever they do, you
might find this idea strange at first.
Basics on Wheel Group in UNIX and Unix-Like OS
GNU Linux systems do not enable the Wheel Group by default. FreeBSD, OpenBSD, NetBSD, Apple OS X and all UNIX OS; however has Wheel Group by default. In some Linux distributions like Gentoo Linux alternative implementations maintain these requirements.
Because of the migration of system developers TENEX/TOPS-20 Unix , the term was adopted by the Unix community. In several of these systems the command “su”can be used to gain the root access. Anticipating misuse, some system administrators only allow access the command by certain groups, often identified as wheel, indicating a higher level of confidence. In a GNU Linux is not necessary that a user is in the wheel group to use the su command, this is mainly for philosophical reasons.
More Information on Wheel Group and Practical Part
Modern Unix implementations generally include a security protocol that requires a user be a member of the wheel user privileges group in order to gain superuser access to a machine by using the
su command. When a server had to be maintained at a higher level than the day-to-day system administration, root rights were often required. The
Wheel Group was used to create a pool of user accounts that were allowed to get that level of access to the server.
To check yourself on OS X 10.9, open the group file in nano text editor :
This is the screenshot :
For Linux : Most GNU Linux systems, come without wheel groups configured and implemented. However, a wheel group implementation requires no special effort. The basic set up, as it was in the beginning. Create a
wheel group in
/etc/groups. Change the permissions of the
su command so that only those in the
wheel group may run it.
You can add yourself to wheel when creating your account using
vi to edit the file
/etc/group; add your username to the end of the line starting with wheel :
visudo allows you to tailor the
/etc/sudoers file which determines who may run what commands using sudo. On UNIX the same file can be edited using :
sudo nano /etc/sudoers
Another interesting file on GNU Linux is :
Can be opened with :
sudo nano /etc/suauth
For not being member of
wheel implies that one will not be able to use su to get a root access. A sample suauth file is :
# sample /etc/suauth file
# A couple of privileged usernames may
# su to root with their own password.
# Anyone else may not su to root unless in
# group wheel. This is how BSD does things.
root:ALL EXCEPT GROUP wheel:DENY
The same kind of file exists on UNIX (BSD variants and OS X) as
DO NOT Edit any file without knowing theory in details. Wrong editing can result in buffer overflow/buffer overrun.