[Pkg-shadow-devel] Bug#325558: login: newgrp quite broken?

Nicolas François nicolas.francois at centraliens.net
Tue Aug 30 08:27:36 UTC 2005


On Mon, Aug 29, 2005 at 08:21:10PM -0400, itz at buug.org wrote:
> 
> - No, your man page patch is not enough.  The most important thing to
> stress is that the group membership information must be duplicated in
> gshadow. (or maybe that is the _only_ file that counts and group is
> ignored?)  That's because this situation differs from the passwd/shadow
> pair; I don't need to duplicate, e.g., users' shell, home directory or
> even primary group in shadow.

See below.

> So mine was a natural and easy mistake to make.

I know, that's why the man page was already changed in unstable (and why I
would like to find the good explanation so that newgrp usage will be
clear).

> - Even if documented, this situation still looks like a bug.  What is
> the rationale for hiding the membership info in gshadow?  After all,
> the primary group is plain for all to see in passwd.

This situation does not look buggy per se to me. It is (just) a
documentation issue.
In fact, the information is not duplicated in /etc/group and /etc/gshadow.
The list of members in /etc/group indicates the list of users who will
gain the permissions of this group.

The list of members in /etc/gshadow indicates the list of users who can
gain the permissions of this group by requesting them (with newgrp or sg,
without any password, and this will be logged).

In passwd/shadow, if there is a password in both files, then the valid
password is the one from shadow (the password field is the only field that
is present in both files; no initial shell is specified in shadow).

Note:
The meaning of the fields in /etc/group is:
group_name:password:GID:user_list
The meaning of the fields in /etc/gshadow is:
group_name:password:administrator_list:user_list
So with group/gshadow, two fields may be confusing: password and user_list.
(A gshadow man page was added in the unstable package)


I propose to change the paragraph to:

   newgrp changes the current real group ID to the named group, or to  the
   default  group listed in /etc/passwd if no group name is given.  newgrp
   also tries to add the group to the user groupset. If not root, the user
   will  be  prompted for a password if she do not have a password
+  (in /etc/shadow if this has an entry in the shadowed password file, or
+  or in /etc/passwd otherwise)
                                                                   and the
   group does, or if the user is not listed as a member and the group  has
   a  password.  The  user  will be denied access if the group password is
   empty and the user is not listed as a member.
+  If there is an entry for this group in /etc/gshadow, then the list of
+  members and the password of this group will be taken from this file,
+  otherwise, the entry in /etc/group is considered.
-                                                 If compiled with SHADOW-
-  PWD (respectively SHADOWGRP) defined, the password of the user (respec-
-  tively, the password and the members of the group) will be  overwritten
-  by  the  value defined in /etc/shadow (respectively in /etc/gshadow) if
-  an entry exists for this user (resp. group).
   
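Review bot: the two added lines "(in /etc/shadow if this has an entry in the shadowed password file, or" / "or in /etc/passwd otherwise)" repeat "or" across the line break; drop one of them. The same parenthesis also splits the clause "if she do not have a password ... and the group does", which is hard to follow once the insert is in; moving the parenthetical to the end of that clause (after "and the group does") would read more naturally, and since the sentence is being rewritten anyway, the unchanged "she do not have" should become "she does not have". The new gshadow sentence is clear, but to avoid the exact confusion raised in the report it may be worth stating explicitly that when a gshadow entry exists, the member list in /etc/group is not consulted at all by newgrp.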
Do you think this clearly explains the newgrp behavior?

Best Regards,
-- 
Nekral
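As an added illustration (not code from the shadow package or from anyone in this thread), the following Python models the rule described in the reply on constructed /etc/group and /etc/gshadow lines: a gshadow entry, when present, supplies both the group password and the member list, otherwise /etc/group is used. It deliberately ignores the user's own password state and locked-password conventions such as "!".

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not real system files).
# /etc/group layout:   group_name:password:GID:user_list
# /etc/gshadow layout: group_name:password:administrator_list:user_list
GROUP_LINES = """\
dev:x:1001:alice
ops:!:1002:
web:abc:1003:carol
"""
GSHADOW_LINES = """\
dev:!:alice:bob
ops::root:
"""

Entry = Tuple[str, List[str]]  # (password, members)


def parse_db(text: str) -> Dict[str, Entry]:
    """Parse group- or gshadow-style lines into {name: (password, members)}.
    Both formats keep the password in field 2 and the user list in field 4."""
    out: Dict[str, Entry] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"malformed line: {line!r}")
        members = [m for m in fields[3].split(",") if m]
        out[fields[0]] = (fields[1], members)
    return out


def effective_entry(name: str, group_db: Dict[str, Entry],
                    gshadow_db: Dict[str, Entry]) -> Optional[Entry]:
    """gshadow wins entirely when it has an entry; /etc/group is a fallback."""
    return gshadow_db[name] if name in gshadow_db else group_db.get(name)


def newgrp_decision(user: str, name: str, group_db: Dict[str, Entry],
                    gshadow_db: Dict[str, Entry]) -> str:
    """Simplified newgrp outcome for a non-root user, per the reply's rules."""
    entry = effective_entry(name, group_db, gshadow_db)
    if entry is None:
        return "no such group"
    password, members = entry
    if user in members:
        return "granted"            # listed member: no password asked
    if password == "":
        return "denied"             # empty group password and not a member
    return "password required"      # otherwise the group password is asked


GROUPS = parse_db(GROUP_LINES)
GSHADOW = parse_db(GSHADOW_LINES)
```

Note that "alice" is listed in /etc/group for "dev" but not in /etc/gshadow, so newgrp will still ask her for the group password; that is precisely the situation the bug report ran into.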
