04-05-2005
if the user decides to make changes in a group-writable file and/or directory that is owned by GID 1, there is nothing you can do about it as the user is a valid member with valid rights ...
from a quick scan of my /etc/passwd files --- only root and daemon are members of the "other" group so anything that is group-writable by root with the default uid/gid is open to changes ... if root with gid 1 installs an application and the application directory stays with gid 1 and is group-writable, the gid 1 regular user can potentially remove the application without any checks ... if the application is security-related, the server is now easily compromised ...
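One way to measure the exposure described in the post above, as an added example that is not part of the original thread: the script lists every account that holds a given gid and every group-writable file or directory owned by that gid. The function names and argument order are choices made for this example, and it reads only the local passwd and group files.

```shell
#!/bin/sh
# Added example: audit what members of one group can change through
# group-write bits. Function names and argument order are illustrative.
# Reads the local files only; accounts served by NIS or LDAP are not seen.

# members_of_gid GID [PASSWD_FILE] [GROUP_FILE]
# Prints every account that holds GID, either as its primary group (field 4
# of passwd) or as a supplementary member (field 4 of group), one per line.
members_of_gid() (
    gid=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}
    {
        awk -F: -v g="$gid" '$4 == g { print $1 }' "$passwd_file"
        awk -F: -v g="$gid" '$3 == g && $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i]
        }' "$group_file"
    } | sort -u
)

# group_writable_by_gid GID DIR
# Lists regular files and directories under DIR that belong to GID and carry
# the group-write bit (octal 020). A group-writable directory lets members
# remove or rename its entries even when the files inside are not writable.
group_writable_by_gid() (
    gid=$1
    top=$2
    find "$top" \( -type f -o -type d \) -group "$gid" -perm -020 -print 2>/dev/null | sort
)

# Run as: sh audit_gid.sh GID DIR   (nothing runs when no arguments are given)
if [ "$#" -ge 2 ]; then
    echo "Accounts holding gid $1:"
    members_of_gid "$1" | sed 's/^/  /'
    echo "Group-writable paths under $2 owned by gid $1:"
    group_writable_by_gid "$1" "$2" | sed 's/^/  /'
fi
```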
LEARN ABOUT NETBSD
groupadd
GROUPADD(8) BSD System Manager's Manual GROUPADD(8)
NAME
groupadd -- add a group to the system
SYNOPSIS
groupadd [-ov] [-g gid] [-r lowgid..highgid] group
DESCRIPTION
The groupadd utility adds a group to the system. See group(8) for more information about EXTENSIONS. The options are as follows:
-g gid
Give the numeric group identifier to be used for the new group.
-o
Allow the new group to have a gid which is already in use for another group.
-r lowgid..highgid
Set the low and high bounds of a gid range for new groups. A new group can only be created if there are gids which can be assigned inside the range. This option is included if built with EXTENSIONS.
-v
Enable verbose mode - explain the commands as they are executed. This option is included if built with EXTENSIONS.
EXIT STATUS
The groupadd utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
group(5), group(8), user(8)
HISTORY
The groupadd utility first appeared in NetBSD 1.5. It is based on the addnerd package by the same author.
AUTHORS
The groupadd utility was written by Alistair G. Crooks <agc@NetBSD.org>.
BSD November 7, 2005 BSD