A user in the wheel group is able to switch to a root shell even though the root account is disabled. Is this expected behavior?

Solution Verified - Updated -

Issue

  • A user in the wheel group is able to switch to a root shell even though the root account is disabled. Is this expected behavior?

  • According to the RHEL documentation, sudo users can execute commands in the user's shell but not in a root shell. However, a sudo user who performs the following steps gets a root shell after password authentication:

[sudouser@host ~]$ cat /tmp/csv.sh
#!/bin/bash
awk 'BEGIN {system("/bin/sh")}'
[sudouser@host ~]$ sudo /tmp/csv.sh
sh-4.4# id
uid=0(root) gid=0(root) groups=0(root),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh-4.4#

  • Is this expected behavior, or is it a security threat?

  • If this is expected behavior, what are the best recommendations to secure the system?

Environment

  • Red Hat Enterprise Linux
  • sudo
