[Pkg-shadow-devel] Bug#325558: login: newgrp quite broken?

[Ian Zimmerman]

Nicolas> This situation does not looks like buggy per se to me. It is
Nicolas> (just) a documentation issue.  In fact, the information is not
Nicolas> duplicated in /etc/group and /etc/gshadow.  The list of members
Nicolas> in /etc/groups indicate the list of users who will gain the
Nicolas> permissions of this group.

Nicolas> The list of members in /etc/gshadow indicate the list of users
Nicolas> who can gain the permissions of this group by requesting them
Nicolas> (with newgrp or sg, without any password and this will be
Nicolas> logged).

Let me read between your lines.

The membership list in /etc/group determines which users get the group
into their supplementary list during login (and, I guess, any other
program that calls initgroups (3)).

The membership list in /etc/gshadow determines which users can newgrp
or sg to the group.

Right?

Maybe the really counterintuitive thing here is that _either_ file
should be consulted for membership info when I am newgrping to a group
that is _already_ in my supplementary list.  I am not getting any new
privileges that way; all that changes is that new files will be created
owned by the other group, and I could do that already, with less
convenience, by using chgrp after the fact.

For my part I solved my "problem" by removing /etc/gshadow, as none of
my groups had passwords anyway.

-- 
Optimist: We're only two weeks behind schedule.
Pessimist: The schedule is a whole two weeks ahead of us.