Re: User assigned to privileged group

Hi!

I need to know what is the risk involved if a user with UID > 100 is attached to a group with GID = 1, i.e., a user is attached to a privileged group in AIX.

Kindly let me know what security implication can arise in this case?

Early reply in this regard will be highly appreciated.

if the user decides to make changes in a group-writable file and/or directory that is owned by GID 1, there is nothing you can do about it as the user is a valid member with valid rights ...

from a quick scan of my /etc/passwd files --- only root and daemon are members of the "other" group so anything that is group-writable by root with the default uid/gid is open to changes ... if root with gid 1 installs an application and the application directory stays with gid 1 and is group-writable, the gid 1 regular user can potentially remove the application without any checks ... if the application is security-related, the server is now easily compromised ...
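
An audit of the exposure described in the reply above, as an added example that is not part of the original thread: it lists the accounts above a UID threshold that belong to a given GID, and the files and directories that group can write. The function names and the passwd/group file arguments are assumptions of this example; point them at `/etc/passwd` and `/etc/group` on the host being checked.

```shell
#!/bin/sh
# Added example (not from the thread): audit who is in a privileged group
# and what that group membership lets them modify.

# Print every account that has the GID as primary or supplementary group.
# $1 = gid, $2 = passwd-format file, $3 = group-format file
group_members() {
    {
        # Primary group is field 4 of the passwd file.
        awk -F: -v g="$1" '$4 == g { print $1 }' "$2"
        # Supplementary members are the comma-separated field 4 of the group file.
        awk -F: -v g="$1" '$3 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$3"
    } | sort -u
}

# Of those members, print the ones whose UID is above a threshold
# (the question uses UID > 100 as the mark of a regular user).
# $1 = gid, $2 = passwd file, $3 = group file, $4 = UID threshold
regular_members() {
    group_members "$1" "$2" "$3" | while read -r name; do
        awk -F: -v n="$name" -v u="$4" '$1 == n && $3 > u { print $1 }' "$2"
    done
}

# Print files and directories under a path that are owned by the GID and
# group-writable, i.e. what any member of the group can change or remove.
# $1 = gid, $2 = starting directory (stays on one filesystem)
group_writable() {
    find "$2" -xdev \( -type f -o -type d \) -group "$1" -perm -020 -print 2>/dev/null
}

# Typical use on the host under review (run as root so find can read everything):
#   regular_members 1 /etc/passwd /etc/group 100
#   group_writable 1 /
```

Anything `group_writable` reports is a candidate for `chmod g-w` or a change of group ownership, and anything `regular_members` reports is a candidate for removal from the group.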