1

Is There A Security Risk With Users That Are Also Groups?

view story
linux-howto

http://askubuntu.com – I know a little about users and groups; in the past I might have had a group like 'DBAS' or 'ADMINS' and I'd add individual users to each group... But I was surprised to learn I could add users to other users - as if they were groups. For example if my /etc/group contained the following: user1:x:12501: user2:x:12502:user1 admin:x:123:user2,jim,bob Since user2 is a member of the admin group, and user1 is a member of user2 - is user1 effectively an admin? If the admin group is in the sudoers file, can user2 use it as well? I've tried to simulate this and I haven't been able to do so as us (HowTos)