by cperciva 1029 days ago
What is special about the 'wheel' group and what is su even "checking" in the first place?

Users who aren't in the wheel group aren't supposed to be able to become root, even if they have the password.

Isn't it just supposed to switch user? And what are the implications of not-checking whatever it was supposed to check?

Someone who steals the root password (say, by looking over the sysadmin's shoulder) would be able to become root.

And I also don't get: if someone has the root password, can't they change what groups they're a member of?

No, because they can't log in as root and (on non-broken systems) can't become root.


Naive question: if you can `sudo`, can't you just `sudo bash`? What can you do with `su` that you couldn't do with `sudo bash`?

Or is the wheel group not really about being able to sudo?

You’re thinking about it backwards.

`su` predates `sudo` by a decade and doesn’t offer the fine-grained control `sudo` has. With `su`, if you have the root password, you can do anything you want as root. With `sudo`, admins can configure what commands users are allowed to run as root and could specifically block `sudo bash` from running.

Wheel and su predate sudo by many years. sudo has a config file called sudoers; su has a config file called the wheel line in /etc/group.
It's 'substitute user', not just 'super user'. With su you can impersonate any user.

Wheel users can do anything because (default) sudoers contains

  %wheel  ALL=(ALL)   ALL
https://unix.stackexchange.com/questions/152442/what-is-the-...
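
The wheel check discussed in this thread, as an added example that is not from any commenter or from `su` itself: a simplified model of the gate `su` applies before the root password matters, next to a check for the `%wheel` sudoers line quoted above. The file contents are constructed samples, and the rule that a missing or empty wheel group leaves `su` unrestricted is an assumption based on traditional BSD behaviour.

```python
# Constructed sample data, not taken from a real system.
GROUP_FILE = """\
wheel:*:0:root,alice
operator:*:5:root
staff:*:20:alice,bob
"""
SUDOERS = """\
# constructed sample sudoers
root    ALL=(ALL)   ALL
%wheel  ALL=(ALL)   ALL
"""

def group_entry(group_text, name):
    """Return (gid, members) for `name` in /etc/group format, or None."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == name:
            return int(fields[2]), [m for m in fields[3].split(",") if m]
    return None

def su_wheel_check(user, primary_gid, group_text):
    """May `user` attempt su to root at all? Password check comes after this."""
    entry = group_entry(group_text, "wheel")
    if entry is None:
        return True            # assumption: no wheel group means no restriction
    gid, members = entry
    if not members:
        return True            # assumption: empty wheel group is fail-safe open
    # Listed in the wheel line, or wheel is the user's primary group.
    return user in members or primary_gid == gid

def sudo_wheel_all(sudoers_text):
    """True if an uncommented '%wheel ALL=(ALL) ALL' rule is present."""
    for line in sudoers_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens[:1] == ["%wheel"] and "".join(tokens[1:]) == "ALL=(ALL)ALL":
            return True
    return False

if __name__ == "__main__":
    for user, gid in (("alice", 20), ("bob", 20)):
        print(user, "may attempt su to root:", su_wheel_check(user, gid, GROUP_FILE))
    print("sudoers gives wheel full root:", sudo_wheel_all(SUDOERS))
```

With the sample data, bob is refused before any password is checked even if he knows the root password, which is the property the broken check failed to enforce.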