[Bug 1339518] Re: sudo config file specifies group "admin" that doesn't exist in system
Trent Lloyd
1339518 at bugs.launchpad.net
Thu Nov 18 07:12:08 UTC 2021
Just noticed this today, it's still the same on Ubuntu 20.04. The
default sudoers file ships the admin group having sudo privileges but
the group doesn't exist by default.
While it doesn't have out of the box security implications, I think this
is a security concern as someone could potentially add an 'admin' user
and not expect them to get sudo access with the default matching group
name created for them.
For example downstream products like web hosting or control panel style
tools that creates users with a user-provided name. Since neither the
user or group 'admin' exists by default they could be fooled into
creating escalatable privileges.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1339518
Title:
sudo config file specifies group "admin" that doesn't exist in system
Status in sudo package in Ubuntu:
Confirmed
Bug description:
In the configuration file for sudo ( /etc/sudoers ) you find this section:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
The sudo group is in /etc/group, but not admin group. This is a
cosmetic bug, but if we specify a group that are allowed to use sudo
command, then the group should exist in the system too.
Installed version: Ubuntu 14.04 LTS all upgrades up to 9 july 2014
installed, 64 bit desktop ISO used for installation.
Sudo package installed:
ii sudo 1.8.9p5-1ubuntu1 amd64 Provide limited super user privileges to specific users
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1339518/+subscriptions
More information about the foundations-bugs
mailing list