Linux Groups Can Have Paswords
Fri 29th Jun 12
Did you know hat a Linux group can have a password? I didn't but I do now. Here is a demo of it in action.
To set up a new group with a password you can use the groupadd command with the -p parameter. Just to make things slightly tricky -p does not take a cleartext password but takes one already encrypted by crypt(3). The easiest way to create one of these is using openssl.
This command will create a group called passgroup and will ask you for the password while creating it. If you are going to try this note that the parameter to openssl is a one and they are backticks wrapping the openssl command.
groupadd -p `openssl passwd -1` passgroup
Now to use the group you use the sg command.
robin:~$ id uid=1000(robin) gid=1000(robin) groups=1000(robin) robin@web2py:~$ sg passgroup Password: robin:~$ id uid=1000(robin) gid=1002(pass) groups=1000(robin),1002(passgroup)
And there you go, I am now a member of the passgroup group.
If you want to add a password to an existing group you can do it with groupmod:
groupmod -p `openssl passwd -1` passgroup
Possible uses? Not really sure, if you have any good ones let me know.
I should just add, all this was done in Debian, I've not confirmed any of this in other distros.