135

I recently reinstalled iTunes and I noticed something peculiar.

The original version of iTunes has a user in the permissions known as wheel that is set to "Read Only".

I dragged this version of iTunes to the trash and installed a new copy, and when I look at the properties for iTunes it no longer says wheel, but rather just admin.

Here is a screenshot with the new version (left) and the old version (right):

enter image description here

What is the wheel user? How is it set (I can't seem to set it in the GUI)? Why would the permissions be different now?

It's not a problem, I'm just terribly curious.

Improve this question
1
  • 13
    I know this is old, but "wheel" is a group, not a user.
    – Rich Homolka
    Commented Nov 15, 2012 at 15:35

3 Answers 3

Reset to default
131

Some color:

Mac OS X has roots in BSD UNIX, a.k.a. the UNIX that came out of UC Berkeley. They had a group of trusted people that could become superuser by using the su command. So they coded their UNIX to only allow people in this specific group to become superuser using su. They chose the groupname 'wheel', supposedly reference to other systems that had WHEEL, possibly a reference to being a 'big wheel'

It's less important now that you have the GUI authorization popups and sudo. You can use sudo without being in wheel group I believe.

As far as how to change to wheel, chgrp should be your friend, once you're root.

Improve this answer
4
  • 8
    +1 Good answer. I'd add the note that wheel is group ID 0, just like root is user ID 0. You're right that, you don't have to be wheel to sudo. Mac OS X uses the group "admin" (group ID 80) as the default sudoers group. When you check the box to make an account an admin account, it gets added to the admin group.
    – Spiff
    Commented Sep 23, 2010 at 17:42
  • chgrp operates on ownership files, newgrp changes the user to the group. newgrp enables (read/write/execute) use of multiple group memberships, one at the time.
    – bbaassssiiee
    Commented Oct 23, 2014 at 3:51
  • 1
    I just tried to sudo from a non-admin account and that did not work. However... you can su <admin-username> and once you've done that you can sudo as you want.
    – JL Peyret
    Commented Mar 17, 2016 at 6:42
  • If it doesn't work you might want to try sudo -u <admin-user> <command>. But for my experience the password to use is the one for the logged user rather than the password of the specified (or default) admin-user (supposedly root ?)
    – Kamafeather
    Commented Aug 28, 2019 at 10:07
36

wheel is the system administrator group in BSD, much like root is the system administrator user.

It is common to add sudo permissions to users in the wheel group.

Improve this answer
2
  • 2
    Thanks Broam. Any idea how you would set a file to be part of the wheel group?
    – ralphthemagician
    Commented Sep 23, 2010 at 15:06
  • 5
    chgrp wheel file
    – Broam
    Commented Sep 23, 2010 at 19:11
12

wheel is the group used by OSX for the 'system' /Applications. It was present since at least 1989-03-13 in the source of BSD Unix.

Whether the connotation is 'big wheel' or 'wheel of fortune' is unclear from my sources, but membership of wheel is special.

In OS X PAM is used to set the policy that su(1) will use. In particular, by default only users in the admin or wheel groups can switch to UID 0 (root). This group requirement may be changed by modifying the pam_group section of /etc/pam.d/su. See pam_group(8) for details on how to modify this setting.

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .