AIX

 View Only

 Group STAFF description - Or Information

PABLO IBARRA DUPRAT's profile image
PABLO IBARRA DUPRAT posted Tue November 19, 2024 11:07 AM

Hi 

An audit company asks me to explain what problems the staff group can generate in terms of security in the event that this group is assigned to parameters of some software that grant high privileges, but I cannot find documentation that explains or describes the staff group at AIX.
Can you help me with that?
Thank you

José Pina Coelho's profile image
José Pina Coelho posted Thu November 21, 2024 06:36 AM

I find it alarming that an audit company has to ask that, since they're supposed to know it. 

"staff" is the default group when you create an user without specifying a group, other than that it has no special meaning.

As to being assigned to parameters that grant high privileges, it shouldn't be done, for the same reason that you should do the same with the "users" group in linux or the "Everyone" group in windows.