[Pkg-shadow-devel] Bug#325558: login: newgrp quite broken?

Nicolas François nicolas.francois at centraliens.net
Tue Aug 30 23:40:22 UTC 2005


On Tue, Aug 30, 2005 at 06:54:06PM -0400, itz at buug.org wrote:
> 
> Nicolas> This situation does not look like buggy per se to me. It is
> Nicolas> (just) a documentation issue.  In fact, the information is not
> Nicolas> duplicated in /etc/group and /etc/gshadow.  The list of members
> Nicolas> in /etc/group indicates the list of users who will gain the
> Nicolas> permissions of this group.
> 
> Nicolas> The list of members in /etc/gshadow indicates the list of users
> Nicolas> who can gain the permissions of this group by requesting them
> Nicolas> (with newgrp or sg, without any password, and this will be
> Nicolas> logged).
> 
> Let me read between your lines.
> 
> The membership list in /etc/group determines which users get the group
> into their supplementary list during login (and, I guess, any other
> program that calls initgroups (3)).

(Note that initgroups comes from the libc, which is not aware of the
gshadow file, so it is normal that this function does not use any
information from gshadow.)

> The membership list in /etc/gshadow determines which users can newgrp
> or sg to the group.

With a fallback to /etc/group if there is no entry for the group in
gshadow (which is the case when you delete the gshadow file).

> Maybe the really counterintuitive thing here is that _either_ file
> should be consulted for membership info when I am newgrping to a group
> that is _already_ in my supplementary list.  I am not getting any new
> privileges that way; all that changes is that new files will be created
> owned by the other group, and I could do that already, with less
> convenience, by using chgrp after the fact.

Yes. Except in some rare cases, there is no need to change the primary
group.

However, newgrp or sg can be used in other use cases: getting the
privileges of a group you are not in, by providing a password.
This can be used to set up boxes with a guest account and let some of the
guests gain more privileges. In those cases, guest is not a member of any
group (in /etc/group and /etc/gshadow), and the password of the privileged
group is distributed to some of the physical persons using the guest
account.

You can also imagine some configurations where somebody does not want to be
in a given group (to avoid mistakes), but wants to be able to gain this
group's privileges with newgrp (without a password if this user is in the
member list in gshadow).

The gshadow file also permits the use of group administrators (see
gpasswd(1)).

If you are not willing to do any of these, you can live without the
/etc/gshadow file without noticing.


I still have my question:
Do you think that the paragraph of my previous mail would have permitted
you to understand how newgrp works?

Regards,
-- 
Nekral
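The lookup order described in the message above (gshadow members first, /etc/group only as a fallback when the group has no gshadow entry, a group password for non-members), as an added example that is not part of the thread or of the shadow suite. The /etc/group and /etc/gshadow contents, the user names and the hash are constructed sample data, and the handling of empty/locked password fields is this model's assumption, not a statement about newgrp's exact code.

```python
from typing import Dict, List

# Constructed sample databases (not real system files).
# /etc/group format:   name:password:gid:members
GROUP_SAMPLE = """\
staff:x:50:alice,bob
guest:x:1001:bob
admins:x:1002:alice
"""
# /etc/gshadow format: name:password:administrators:members
GSHADOW_SAMPLE = """\
staff:!::alice
admins:$6$constructedhash::
"""

# Password field values this model treats as "no usable password" (assumption).
LOCKED = ("", "!", "*", "x")


def parse_colon_file(text: str) -> Dict[str, List[str]]:
    """Return {name: [field1, field2, ...]} for a colon-separated database."""
    rows: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, *fields = line.split(":")
        rows[name] = fields
    return rows


def newgrp_decision(user: str, group: str, group_text: str, gshadow_text: str) -> str:
    """Model what newgrp/sg would require for `user` to take `group`.

    Returns 'no-password', 'password', 'denied' or 'no-such-group'.
    """
    groups = parse_colon_file(group_text)
    gshadow = parse_colon_file(gshadow_text)
    if group not in groups:
        return "no-such-group"
    if group in gshadow:
        # gshadow entry present: its member list and password win.
        password, _admins, members = (gshadow[group] + ["", "", ""])[:3]
    else:
        # No gshadow entry: fall back to the /etc/group line.
        password, _gid, members = (groups[group] + ["", "", ""])[:3]
    if user in [m for m in members.split(",") if m]:
        return "no-password"          # listed member: no password, logged
    if password not in LOCKED and not password.startswith("!"):
        return "password"             # non-member must know the group password
    return "denied"
```

Note that `bob` is listed in /etc/group for `staff` (so he gets it as a supplementary group at login) but not in the gshadow member list, so the model reports `denied` for `newgrp staff`, which is exactly the asymmetry the thread is about.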

