Why is root in wheel and operator? Can root being in a group ever make a difference?
In short: no. Having root on wheel
and operator
group change nothing.
But you are also questioning 2 other things:
root group id is (by default) set to 0, which is closest thing to a empty value you can get.
$ head -4 /etc/passwd # $FreeBSD: releng/9.2/etc/master.passwd 243947 2012-12-06 11:52:31Z rwatson $ # root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root:
As said, every user has to have a group, so you cannot set root group id (nor any user gid) to a void or blank value. If you try to set a user gid to blank, you will be warned by
pwd_mkdb
:pwd_mkdb: no gid for user root pwd_mkdb: at line #3 pwd_mkdb: /etc/pw.Rlb2U3: Inappropriate file type or format re-edit the password file?
So the fact that root is defined is more about having it properly named instead of just a dumb number. You can change root gid to any meaningless number (gid not within
/etc/group
). Your root user would still be able to log in,su
or whatever else root can do. You will just end up have something like that:$ id uid=0(root) gid=10000 groups=10000,5(operator)
about why some users are in the wheel group that is a totally different story, as FreeBSD, like OpenBSD or NetBSD, users have to be part of the
wheel
in order tosu
root.From FreeBSD documentation (chapter 9.4):
To su to root (or any other account with superuser privileges), you must be in the wheel group. If this feature were not there, anybody with an account on a system who also found out root's password would be able to gain superuser level access to the system. With this feature, this is not strictly true; su(1) will prevent them from even trying to enter the password if they are not in wheel.
But you are right, removing the root user from the wheel would not change things. This is purely formal, as much as the toor user is nor part of wheel or root is part of operator group.
The operator group is however, purely formal, without any special meanings in itself.
Here is also what Richard Stallman think about the wheel group (from gnu su manual):
Why GNU "su" does not support the `wheel' group ===============================================
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual "su" mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.