1. Introduction

Since privileges and privilege levels are important for any computer system, superusers like root have been part of the UNIX world since its beginning. However, such users possess great power over all matters of an operating system (OS). Because of this, there are mechanisms such as groups that can restrict which user accounts can escalate their session to the superuser status.

In this tutorial, we’ll talk about the historical wheel group and its significance in modern Linux distributions. First, we go through a quick refresher on users and groups. After that, we explore the function of the wheel group. Finally, we ponder the origin and etymology of the group name.

We tested the code in this tutorial on Debian 12 (Bookworm) with GNU Bash 5.2.15. It should work in most POSIX-compliant environments unless otherwise specified.

2. Users and Groups

Users and groups are two of the main principal types within a Linux system. In fact, managing users and groups is one of the primary ways to delegate authority and assign permissions and privileges.

2.1. Users

At its core, a user is no more than a user identifier (UID) as defined in a prespecified place within the OS. Still, Linux users can have many attributes, with the main ones being part of /etc/passwd:

  • username
  • password
  • user ID
  • group ID
  • free-text information
  • home directory path
  • command or shell

By identifying the current user, rules, and policies can be refined for any OS security mechanism:

Notably, one of the attributes above is the group of the user. In particular, this provides the main or primal group name, but users can be part of many groups. In fact, this is perhaps one of the more important features of this principal type.

2.2. Groups

Just like users, a group is just a group identifier (GID) and the mechanics behind it. However, groups have two properties:

  • have their own privileges and permissions
  • may contain multiple users

Because of these characteristics, a group helps assign multiple security rules to different users without going through them one by one.

For example, we can have the webadmins group with the respective full permissions over the web server document root and potentially some web configuration files. Adding users to that group would automatically enable them to access and configure different aspects of a website deployment.

3. wheel Group

Just like other groups in the system, the main function of wheel is to provide certain permissions to users that belong to it.

In particular, the wheel group should contain the only users who can elevate their session to that of a superuser or root. To enforce its function, we enable and configure a Pluggable Authentication Module (PAM):

$ cat /etc/pam.d/su
[...]
auth required pam_wheel.so

By either adding or uncommenting the line above in /etc/pam.d/su, we leverage the pam_wheel module to ensure only users that are part of wheel can use su to become a superuser.

In fact, we can also enforce the reverse:

$ cat /etc/pam.d/su
[...]
auth required pam_wheel.so deny

Adding this line means we don’t allow any user in wheel to elevate their privileges to UID 0.

Finally, we can specify a different group name to function like this:

$ cat /etc/pam.d/su
[...]
auth required pam_wheel.so deny group=nonwheel

Now, users in nonwheel aren’t allowed to become root.

Having the last option is especially important since close UNIX relatives like OpenBSD and FreeBSD ship with wheel, but not all Linux distributions have it built-in:

$ grep wheel /etc/group

Here, we check the /etc/group file for wheel via grep and verify it’s not present. Still, we can always create it since it’s just a regular principal. For instance, in Debian, the sudo group usually replaces wheel.

4. wheel Group Name

There are different speculations about the origin and etymology of the wheel group name.

Perhaps one of the most prevalent and trusted interpretations is the slang term big wheel, meaning an important and powerful person. Supposedly, this term comes from World War II.

However, since there isn’t a single source of truth on the matter, other interpretations are also possible:

  • steering wheel: where a machine is driven from
  • wheel technology: origin (root) of smooth motion and inventor of the wheel
  • cog: ensures a machine works

Further, some old operating systems like TENEXT and TOP-20 contain a special bit: wheel. The wheel bit enables the central processing unit (CPU) to run any privileged instruction. The term entered the UNIX world much later but is still used.

5. Summary

In this article, we talked about the wheel group, its function, and name origin.

In conclusion, whatever the origin, wheel is often still an important part of privilege and permissions management.