[Bug 1843829] Re: sudoers: admin group has permissions, but does not exist by default
Benjamin Drung
1843829 at bugs.launchpad.net
Wed Aug 3 08:39:01 UTC 2022
Thanks for reporting this issue. Since you need to be root to create a
new user, this can probably not be used directly as an exploit. But I agree
that creating a user "admin" should not create one that is in the admin
group. So either removing this configuration line or creating an admin
group by default. In the latter case, adduser will fail to create an
admin user.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1843829
Title:
sudoers: admin group has permissions, but does not exist by default
Status in sudo package in Ubuntu:
Triaged
Bug description:
Hello, I had reported this earlier but my account shows no bugs
reported, so here I try again.
On Ubuntu, going back for a while now and also including the newest
release, /etc/sudoers contains the below lines on a default install:
    %admin ALL=(ALL) ALL
The problem is that the admin group doesn't exist by default so if a
user with the name of admin was created they would be in a group of
their own name. It looks like you guys might be using an account named
adm instead of admin? This is also causing other bugs to be reported.
It may seem silly as adding a user requires elevated permissions. If
someone doesn't know about this behaviour or a user is allowed to
create an admin named account through a script they are just a short
sudo su away from controlling a system.
I'd recommend commenting out the /etc/sudoers line or adding an admin
group to /etc/group or changing the admin in sudoers to adm if that is
what you are trying to do.
Aaron Ringo
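An audit for the condition described in this report, added here as an example and not taken from the bug report or the sudo package: it lists "%group" rules whose group has no entry in the group file, and rules whose group is a user's own per-user primary group. The function names, file arguments and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find sudoers %group rules that
# name a group absent from the group database, as %admin is in the report.

# List group names used in plain "%group" rules. Comment lines are skipped;
# the %#gid and %:nonunix forms and aliases are not handled in this sketch.
sudoers_groups() {
    awk '/^[ \t]*#/ { next }
         $1 ~ /^%[A-Za-z_][A-Za-z0-9_.-]*$/ { print substr($1, 2) }' "$1" | sort -u
}

# Exit 0 if group "$1" has an entry in group file "$2".
group_exists() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# Print sudoers groups with no group entry: creating a user (and its
# per-user group) of that name would make the rule apply to that user.
latent_sudo_groups() {
    for g in $(sudoers_groups "$1"); do
        group_exists "$g" "$2" || echo "$g"
    done
}

# Print sudoers groups that are some user's own per-user primary group
# (same name, same GID). Arguments: sudoers file, passwd file, group file.
private_sudo_groups() {
    for g in $(sudoers_groups "$1"); do
        gid=$(awk -F: -v g="$g" '$1 == g { print $3; exit }' "$3")
        [ -n "$gid" ] || continue
        awk -F: -v u="$g" -v gid="$gid" '$1 == u && $4 == gid { print u }' "$2"
    done
}

# Constructed sample data, so the check runs offline.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'root ALL=(ALL:ALL) ALL' \
    '%admin ALL=(ALL) ALL' '%sudo ALL=(ALL:ALL) ALL' > "$demo/sudoers"
printf '%s\n' 'root:x:0:' 'adm:x:4:syslog' 'sudo:x:27:alice' > "$demo/group"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' > "$demo/passwd"

echo "latent: $(latent_sudo_groups "$demo/sudoers" "$demo/group")"
# State after a user named "admin" is added with its own primary group.
echo 'admin:x:1001:' >> "$demo/group"
echo 'admin:x:1001:1001::/home/admin:/bin/bash' >> "$demo/passwd"
echo "latent after: $(latent_sudo_groups "$demo/sudoers" "$demo/group")"
echo "private: $(private_sudo_groups "$demo/sudoers" "$demo/passwd" "$demo/group")"
```

On a live host, saving the output of `getent group` and `getent passwd` to files and passing those covers groups and users that come from a directory service as well as the local files.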