Using Passworded Groups

An obscure, but interesting, feature of groups is that you can, in fact, assign passwords to them. The use case of this feature is that you can dynamically adopt a group into your current session, when you need a resource that requires it. When you request this, you will first be prompted for the password.

The obvious evil of doing this is that all members of the group must know the password. Still, it’s a tool to be kept at hand.

$ sudo addgroup test_pass_group
[sudo] password for dustin: 
Adding group `test_pass_group' (GID 1001) ...
Done.

$ sudo gpasswd test_pass_group
Changing the password for group test_pass_group
New Password: 
Re-enter new password: 

$ groups
dustin adm cdrom sudo dip plugdev lpadmin sambashare

$ newgrp test_pass_group
Password: 

$ groups
test_pass_group adm cdrom sudo dip plugdev lpadmin sambashare dustin

newgrp will send you into a new shell with the additional group. Therefore, to drop the group, simply exit the new shell.

Advertisements