implications of adding root to a group

Steve O'Hara-Smith steve at sohara.org
Fri Aug 24 05:54:03 UTC 2012


On Thu, 23 Aug 2012 23:07:04 +0200
Damien Fleuriot <ml at my.gd> wrote:

> 
> On 23 Aug 2012, at 17:26, Steve O'Hara-Smith <steve at sohara.org> wrote:
> 
> > On Thu, 23 Aug 2012 07:51:10 -0700
> > Krims G <krimskrims at gmail.com> wrote:
> > 
> >> Hello, I've been looking at the /etc/group and have noticed that some
> >> groups have root included in them, for example "operator". Is it not
> >> implied that root has access to all things and groups? What is the
> >> purpose of adding root to a group? If I add root to some new arbitrary
> >> group, what does it result in differently than if I do not add root to
> >> that group?
> > 
> >    The root user has the ability to ignore file permissions, but not
> > the ability to subvert group membership tests in scripts or programs.
> > 
> > -- 
> > Steve O'Hara-Smith                          |   
> 
> 
> While I can compute what you wrote, I fail to see the implications.
> 
> Would you kindly explain in layman's terms ?

	Any script or program that checks group membership before
proceeding will execute for root regardless of permissions but won't do
anything (except emit a message) unless root is also a member of the
required group.
 
-- 
Steve O'Hara-Smith                          |   Directable Mirror Arrays
C:>WIN                                      | A better way to focus the sun
The computer obeys and wins.                |    licences available see
You lose and Bill collects.                 |    http://www.sohara.org/


More information about the freebsd-questions mailing list