Should any user be allowed to create group?

Joseph Yip (yip@acs.ucalgary.ca)
Wed, 12 Oct 94 11:13:02 MDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perry E. Metzger: "Re: finger-bombing"
Previous message: Alexander L. Haiut: "Re: IRC problems & other fun?"

The mkgroup command on AIX 3.2.5 is a SUID program which is
public executable. I have reported it to IBM as a security
problem but they say that it is working as designed. Since I
don't have access to UNIX based systems other than AIX, I wonder
if someone could tell me whether other UNIX vendors allow any
user on the system to create and manage groups. One implication
I can think of is that any user can gain access to files and
directories that belong to an unassigned GID. Thanks in advance!

-- 
Joseph Yip	University Computing Services	(403) 220-6218

Next message: Perry E. Metzger: "Re: finger-bombing"
Previous message: Alexander L. Haiut: "Re: IRC problems & other fun?"