HPE Community
Operating System - HP-UX
1833758 Members
2733 Online
110063 Solutions
New Discussion

What does the GID 1 do?

 
Jason Munson
Occasional Advisor

‎05-30-2007 06:07 AM

‎05-30-2007 06:07 AM

What does the GID 1 do?

I have been asked by my security team to give an explanation (preferably HP documentation) stating why the GID of 1 (group name "other") is created when HP-UX is installed. Does anyone know where I can find snippets of documentation regarding GID 1?
0 Kudos
10 REPLIES 10
Patrick Wallek
Honored Contributor

‎05-30-2007 06:10 AM

‎05-30-2007 06:10 AM

Re: What does the GID 1 do?

A group is just that. A group to control access to files. There are very few ID's that belong to the "other" group.

To see a listing of files that have the "other" group set do:

# find / -type f -group other |xargs ll -d

To search for directories:
# find / -type d -group other | xargs ll -d

If you were to remove this group, then you would have files that had only a numeric group of '1' associated with them rather than the group name.
0 Kudos
Jason Munson
Occasional Advisor

‎05-30-2007 06:14 AM

‎05-30-2007 06:14 AM

Re: What does the GID 1 do?

Thank you for the quick response, but I'm familiar with what GID's are for. The real question is coming from my security team who is asking why is the "other" group needed? What is HP's interpretation of why it is created upon the installation of HP-UX? The software they use to audit our systems if flagging this group as a potential risk (whether it is or not is up for debate and is not really the point of this post).
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎05-30-2007 06:47 AM

‎05-30-2007 06:47 AM

Re: What does the GID 1 do?

Typically, user root is a member of the group root and a member of group other. It's rather common for many installation scripts to default to other when not overridden by some explicit group. It's role is essentially that of a placeholder.

I would first do a
find / -group other -exec ls -l {} \;
to list all the files on the system that have the group set to 1. You can then make a more informed decision about how to handle group "other". The only potential danger are files writeable or executable by group other and also having non system-related users that are members of group other.
If it ain't broke, I can fix that.
0 Kudos
Patrick Wallek
Honored Contributor

‎05-30-2007 06:47 AM

‎05-30-2007 06:47 AM

Re: What does the GID 1 do?

It is created because there are files set with it as the group. If you do the 'find' commands I listed above you will see LOTS of file with "other" as the group.

As to specifically why, that's something developers would probably have to answer. Most likely just trying to segregate permissions.

On my fairly basic HP-UX 11.23 installation there are 892 files and 153 directories with "other" as the group.
0 Kudos
Jason Munson
Occasional Advisor

‎05-30-2007 06:57 AM

‎05-30-2007 06:57 AM

Re: What does the GID 1 do?

Thanks for the replies. I know how to figure out how many files are owned by other, I was just looking for an "HP" approved document stating why it is even created in the first place. I can accept the fact that it's a "placeholder", but my security team can't. I have a ticket open with the response center as well, I was just looking to see if anyone knew of a place I could look. I've already searched teh ITRC quite a bit, but just haven't gotten lucky yet.
0 Kudos
Court Campbell
Honored Contributor

‎05-30-2007 06:58 AM

‎05-30-2007 06:58 AM

Re: What does the GID 1 do?

The group also exists in Solaris. This is probably one of those debatable questions like

what does the etc in /etc stand for?
what does the usr in /usr stand for?

In the end the real question is whether or not this is really a threat. As stated you should look at what files have the group and what permissions are set on those files. Also, take note of who is apart of that group.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Court Campbell
Honored Contributor

‎05-30-2007 07:00 AM

‎05-30-2007 07:00 AM

Re: What does the GID 1 do?

Being that this would make me angry, I would rename the group 'other' to 'biteme' in the /etc/group file and present that to the security group. They need to get a life.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Jason Munson
Occasional Advisor

‎05-30-2007 07:31 AM

‎05-30-2007 07:31 AM

Re: What does the GID 1 do?

I have seen the group in Solaris as well. I'll give you a couple points for the humor factor though.
0 Kudos
Jason Munson
Occasional Advisor

‎06-15-2007 04:26 AM

‎06-15-2007 04:26 AM

Re: What does the GID 1 do?

FYI I opened a case with HP a little while back and have been told that as a result of my case they are creating a document to address this very question. They said it should be available on the ITRC within a week or two. I'll close this thread and wait to see what they say. Thanks everyone.
0 Kudos
Jason Munson
Occasional Advisor

‎06-15-2007 04:28 AM

‎06-15-2007 04:28 AM

Re: What does the GID 1 do?

See my previous post.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.