TL;DR

I log in to a server testserver with my account testuser and I am able to perform a sudo -s because I am in the sysadm group.

When I query groups I get the sysadm group, but when I query the group directly with cat /etc/group or getent group sysadm my login is not listed in that group.

Why?

Long version

I have a user account testuser that I can use to log in via PuTTY (SSH) to a terminal session on a server (Ubuntu 14.04) called testserver.

When I run the groups command I get the following output for my account:

sysadm

Ok, so I should be in the sysadm group. I then list the sysadm group members:

getent group sysadm

...which produces the following result:

sysadm:x:800:

At this point I am slightly confused. I (testuser) am in the group and again I'm (visually) not in that group, because there are no entries at the end of the groups output.

I took a look at the sudoer configuration with visudo. I have the following configuration:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
#%admin ALL=(ALL) ALL
%sysadm ALL=(ALL) ALL

# Allow members of group sudo to execute any command
#%sudo  ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

That's all there is in that file.

Summary

  1. I have found out that I am in the sysadm group
  2. The sysadm group does not contain any members
  3. I can sudo -s and then do whatever I want to

Questions

  1. How can I retrieve information from the system which will tell me why I am in the sysadm group?
  2. Are there any other configuration settings that will put my login in a group, that I am currently not aware of?
    a) Active Directory
    b) Policies
    c) ...

I have read the following articles so far, but none of them helped me find out why I am in the sysadm group but (visually) not in that group.

  • Does your entry in /etc/passwd put you in group 800 at login? getent passwd $USER | cut -d: -f4 will show you your login group. How did you (or whoever) create the testuser account? – waltinator Mar 08 '17 at 15:03
  • Your command returned a wonderful 800 back. So your comment is the answer to my question. This means that there is a default group for each user and this happens to be in my case the groupid of the sysadm group. Could you please post as response so that I can mark it as the correct answer. – John K. N. Mar 08 '17 at 15:12

1 Answer

Does your entry in /etc/passwd put you in group 800 at login? getent passwd $USER | cut -d: -f4 will show you your login group. How did you (or whoever) create the testuser account?

To change your group, you will have to change /etc/passwd (man vipw), AND change the group on all the files and directories with sudo chgrp -R $NewGroup $HOME, then log out and in again.

"User" (as opposed to "System") groups usually start at 1000, but you can check in /etc/login.defs (UID_MIN).

Again, how did you (or whoever) create the testuser account?

waltinator
  • The user was created for me (DBA) by the system administrator (root) and I have no knowledge how the user was created. I was just wondering how the link was made between my login account and the group. This is done during user creation. – John K. N. Mar 08 '17 at 15:24
  • Complain to the system administrator that she put you in a system group, and tell her she needs to read man adduser. Using adduser will prevent similar errors in the future. – waltinator Mar 08 '17 at 15:30
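
An audit of who really belongs to a group named in sudoers has to read both places discussed above: the GID field of each passwd entry and the member list of the group entry. The following is an added example, not part of the original question or answer; the function name effective_members and the sample passwd and group data are constructed for illustration.

```shell
#!/bin/sh
# effective_members GROUP [PASSWD_FILE GROUP_FILE]
# Lists every account that belongs to GROUP, one "name kind" per line:
#   primary        field 4 (GID) of the passwd entry equals the group's GID
#   supplementary  the account is named in field 4 of the group entry
# Without file arguments the entries are read through getent.
effective_members() {
    grp=$1
    if [ $# -ge 3 ]; then
        passwd_data=$(cat "$2"); group_data=$(cat "$3")
    else
        passwd_data=$(getent passwd); group_data=$(getent group)
    fi
    # Resolve the group name to its numeric GID (field 3 of the group entry).
    gid=$(printf '%s\n' "$group_data" |
        awk -F: -v g="$grp" '$1 == g { print $3; exit }')
    [ -n "$gid" ] || { echo "no such group: $grp" >&2; return 1; }
    {
        # Accounts whose login (primary) group is this GID.
        printf '%s\n' "$passwd_data" |
            awk -F: -v gid="$gid" '$4 == gid { print $1 " primary" }'
        # Accounts named in the group's own member list.
        printf '%s\n' "$group_data" |
            awk -F: -v g="$grp" '$1 == g && $4 != "" {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) print m[i] " supplementary"
            }'
    } | sort -u
}

# Constructed sample data mirroring the question: testuser's passwd GID is 800,
# while the sysadm line in the group file lists no members at all.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser:x:1001:800:Test User:/home/testuser:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
EOF
cat > "$demo_dir/group" <<'EOF'
root:x:0:
sysadm:x:800:
alice:x:1002:
dba:x:900:alice,testuser
EOF
effective_members sysadm "$demo_dir/passwd" "$demo_dir/group"
```

Run against the live system as effective_members sysadm, it reports accounts that a plain getent group sysadm leaves out.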