Is There A Security Risk With Users That Are Also Groups?

Posted by Rob P. on Ask Ubuntu See other posts from Ask Ubuntu or by Rob P.
Published on 2012-10-14T20:54:34Z Indexed on 2012/10/14 21:50 UTC
Read the original article Hit count: 284

Filed under:
|

I know a little about users and groups; in the past I might have had a group like 'DBAS' or 'ADMINS' and I'd add individual users to each group...

But I was surprised to learn I could add users to other users - as if they were groups.

For example if my /etc/group contained the following:

user1:x:12501:
user2:x:12502:user1
admin:x:123:user2,jim,bob

Since user2 is a member of the admin group, and user1 is a member of user2 - is user1 effectively an admin? If the admin group is in the sudoers file, can user1 use it as well?

I've tried to simulate this and I haven't been able to do so as user1...but I'm not sure it's impossible.

EDIT: SORRY - updated error in question.

© Ask Ubuntu or respective owner

Related posts about security

Related posts about users