# How can i list the existing groups???[SOLVED]

## Jerichoo

Hello everyone,

I am sure the title is not clear but couldn't find better title than that anyway my question is that i wanna list all the groups in my linux machine.Like when we creating new user we are registering this user to some groups like wheel,audio,floppy etc.i wanna see all the available groups.

plus every time i  install a program can i see if the program created a new group?Last edited by Jerichoo on Sat May 18, 2013 8:10 am; edited 2 times in total

----------

## 666threesixes666

my users groups =

mkultra@mksrv ~ $ groups

wheel audio video games kvm users plugdev mkultra

to list all groups available

cat /etc/group

----------

## John R. Graham

Correct. Slightly more fancy,

```
awk -F':' '{ print $1 }' /etc/group
```

shows just the groups without the other information the file contains.

- John

----------

## Jerichoo

what is the difference between root and a user who has all the groups available?

----------

## 666threesixes666

ls -al shows file permissions, users, and groups associated...  there are 3 blocks of permissions.  1 user 2 groups 3 others....  rwx rx rx = groups cannot write files.  rwx rx --- = the user can read write execute group can read execute everyone else who is not the user or group member cannot do anything.  its a REALLY loaded question.  

this is as i understand it...  not necessarily the end all answer

so a root root rwx rx --- file would not be writable as a user in the root group, where the root user would have power to write to that file.

its in the cluster of commands involving chown, chgrp, chmod...  permission management, security lock down of your systems files.

----------

## Ant P.

 *Jerichoo wrote:*   

> what is the difference between root and a user who has all the groups available?

 

Quite a lot of (sometimes badly written) programs will behave differently based solely on whether or not they're run under userid 0. You don't even need to be in particular groups to do root-level damage as a normal user, file capabilities can grant all root privileges to any user running a given program.

----------

## Jerichoo

The last question 

do you think that is it vulnerability  making a user member of the all available groups without changing any file permissions for daily use?.

----------

## mv

 *Jerichoo wrote:*   

> do you think that is it vulnerability  making a user member of the all available groups

 

Yes. From the security viewpoint it is practically equivalent of running under root: If e.g. a vulnerability in your browser is exploited, any data can be changed; in particular, the attacker will get a rootkit installed in the same manner as if you were root - he does not need a privilege escalation bug to achieve this, since your configuration is that bug   :Wink: 

----------

## Jerichoo

thank you all  :Very Happy: 

----------

## papahuhn

 *mv wrote:*   

> Yes. From the security viewpoint it is practically equivalent of running under root: If e.g. a vulnerability in your browser is exploited, any data can be changed; in particular, the attacker will get a rootkit installed in the same manner as if you were root - he does not need a privilege escalation bug to achieve this, since your configuration is that bug  

 

Well, it's not THAT bad (but I still wouldn't do it). All files under /bin, /sbin/, /lib are only writeable by uid=root. Moreover, with gid=root but uid!=root, one does not have special privileges by oneself (seteuid, setegid, ...); gid=root is not a special group like uid=root is a special user.

----------

## mv

 *papahuhn wrote:*   

> Well, it's not THAT bad (but I still wouldn't do it). All files under /bin, /sbin/, /lib are only writeable by uid=root.

 

You can just write on the disk by /dev/sd* and thus change anything which you want. If you do not want to install a full rootkit in this way: You only need to save your install program and make it suid root by writing to /dev/sd*, and you can install your rootkit with full root privileges. There are probably also many other possibilities to become root if you belong to all groups: Also do not forget that you have full access to the whole memory (at least readonly), to all tty's, to the printer daemon (which has also a part running as root) etc. If you use a broken design concept like polkit (with a root daemon running), it is probably also easy to obtain root privileges in this way.

----------

## papahuhn

You're right, the disk-group weighs pretty heavy here.

----------

