What are the groups 'users' and 'other' for?

rhel security users group hardening
10,511

One might easily think that users is meant to be assigned to every non-daemon user, but that's not the case. Remember that groups are a mean to control permissions...if that were to be the case wouldn't belonging to users be meaningles? Imagine trying to make use of that group: to keep a file that belongs to group users private, you would need to assign it the same permission bits to the "group" as you would to "others", as every user would be part of that group. Redundant and useless, if not plain annoying.

In reality, the users group exists just to be assigned to users which don't need to belong in any other group, as far as permissions are concerned. It basically exists just because every user must be at least part of a primary group (which you can find in /etc/passwd)...think of users like a "fallback", if no group is assigned to an user. (the useradd utility actually uses it as a fallback, if no group is given and homonym groups are disabled)

For this very same reason, you will find that the users group does not usually get any particular permission on the filesystem: no administrator will ever create a file which is owned by the users group, (if he wanted to allow any user to manipulate a file, he would instead use chmod o+rwx). So, it doesn't matter if you belong to that group or not, it will not give you any special permissions...that's why, unless you have no other group you're being assigned to, there's absolutely no need to assign an user to it (its insignificance, permission-wise, is very similar to that of nogroup).

As for the other group, i don't see it neither in my fresh CentOS 7 installation nor in my Ubuntu 14, so i'm guessing the document you read refers to the other portion of the Discrectionary Access Control bits (the last octal digit you can edit with chmod), or a group created and used by some application...so, asking for the reason for its existence is like asking why the group "www-data", created by nginx, exists: it just depends on what the application that created the group wants to do with it.

Share:
10,511

Related videos on Youtube

fikr4n
Author by

fikr4n

Interested in open source software, Linux, Android, Python, Ruby, security, and more

Updated on September 18, 2022

Comments

  • fikr4n
    fikr4n almost 2 years

    There is a proprietary document about system hardening/security standard stating that group users, nogroup, other, and some other groups should not contain any user except system administrators. I've found an explanation about nogroup group here. What about the users and other groups? What are they for? Why regular (non-administrator) users should not be member of these groups?

    • muru
      muru over 7 years
      Which distro is this?
    • fikr4n
      fikr4n over 7 years
      @muru RHEL (Red Hat Enterprise Linux)
  • fikr4n
    fikr4n over 7 years
    So, what are they for? I mean, why non-admin users should not be in these groups?
  • Mario Vitale
    Mario Vitale over 7 years
    Answer updated.
  • Mario Vitale
    Mario Vitale over 7 years
    As the answer says, group "users" has no security relevance at all. Groups like "adm", "admin" or "wheel" (in CentOS) are the ones that set apart administrators from normal users.
  • fikr4n
    fikr4n over 7 years
    The person who wrote the hardening document might be drunk :D

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

RHEL 7.5 - How to remove user from a group?
How to stop users from Switching to Root user
Why is it recommended to create a group and user for some applications?
Allow paswordless user to change to another passwordless user
How to disable internet for a user on a system
How to harden a ubuntu desktop?
How do I allow a user to only run the apt-get update command with sudo?
recommended procedure to create a user/group during RPM install
adding local content in /etc/sudoers.d/ instead of directly modifying sodoers file via visudo
Why is it bad to log in as root?