What does it mean to be in group 0?
Unlike user 0 (the root user), group 0 does not have any special privilege at the kernel level.
Traditionally, group 0 had special privileges on many unix variants — either the right to use su
to become root (after typing the root password), or the right to become root without typing a password. Basically, the users in group 0 were the system administrators. When group 0 has special privileges, it is called wheel
Under Linux, group 0 does not have any special meaning to privilege escalation utilities such as sudo
and su
, either. See Why is Debian not creating the 'wheel' group by default?
Under CentOS, as far as I know, group 0 has no special significance. It is not referenced in the default sudoers
file. The administrators on that system may have decided to emulate a unix tradition and confer members of group 0 some special permissions. Check the PAM configuration (/etc/pam.conf
, /etc/pam.d/*
) and the sudoers file (/etc/sudoers
) (these are not the only places where group 0 might have been conferred special privileges, but the most likely).
Unlike user ID 0, the kernel does not give any special permissions to group 0. However, since 0 is typically the default group for the root
user, it means these people will often be able to access or modify files owned by root (since those files often also are owned by group 0).
In addition, some programs may treat group 0 specially. For instance, su
on some BSD systems will grant passwordless root access to members of group 0.
So while it's not a superuser class, I'd still be careful of who is a member.
It simply means that their primary group is root
rather than anything else and therefore, for example, they use the group settings when accessing files where group settings is root
.
Most of the standard system files are owned by root.root
but group permissions are usually the same as the world permissions so, by itself, this doesn't convey any advantage unless your system has had the group permissions changed on standard files.
It does not grant full root privileges.