Linux Groups Can Have Paswords

Fri 29th Jun 12

Did you know hat a Linux group can have a password? I didn't but I do now. Here is a demo of it in action.

To set up a new group with a password you can use the groupadd command with the -p parameter. Just to make things slightly tricky -p does not take a cleartext password but takes one already encrypted by crypt(3). The easiest way to create one of these is using openssl.

This command will create a group called passgroup and will ask you for the password while creating it. If you are going to try this note that the parameter to openssl is a one and they are backticks wrapping the openssl command.

groupadd -p `openssl passwd -1` passgroup

Now to use the group you use the sg command.

robin:~$ id
uid=1000(robin) gid=1000(robin) groups=1000(robin)
robin@web2py:~$ sg passgroup
Password: 
robin:~$ id
uid=1000(robin) gid=1002(pass) groups=1000(robin),1002(passgroup)

And there you go, I am now a member of the passgroup group.

If you want to add a password to an existing group you can do it with groupmod:

groupmod -p `openssl passwd -1` passgroup

Possible uses? Not really sure, if you have any good ones let me know.

I should just add, all this was done in Debian, I've not confirmed any of this in other distros.