Is There A Security Risk With Users That Are Also Groups?
Posted
by
Rob P.
on Ask Ubuntu
See other posts from Ask Ubuntu
or by Rob P.
Published on 2012-10-14T20:54:34Z
Indexed on
2012/10/14
21:50 UTC
Read the original article
Hit count: 284
I know a little about users and groups; in the past I might have had a group like 'DBAS' or 'ADMINS' and I'd add individual users to each group...
But I was surprised to learn I could add users to other users - as if they were groups.
For example if my /etc/group contained the following:
user1:x:12501:
user2:x:12502:user1
admin:x:123:user2,jim,bob
Since user2 is a member of the admin group, and user1 is a member of user2 - is user1 effectively an admin? If the admin group is in the sudoers file, can user1 use it as well?
I've tried to simulate this and I haven't been able to do so as user1...but I'm not sure it's impossible.
EDIT: SORRY - updated error in question.
© Ask Ubuntu or respective owner