[Pkg-shadow-devel] redhat patches
Nicolas François
nicolas.francois at centraliens.net
Fri Nov 16 14:08:26 UTC 2007
Hello Peter,
On Tue, Nov 13, 2007 at 10:58:59AM +0100, pvrabec at redhat.com wrote:
> Hi folks,
>
> do you mind to look at some redhat patches, which might be interesting to
> commit?
>
> I'm sending one example. It's fixing this problem:
>
> If you have a group file that looks something like the following:
> badgroup:x:30266:root
> badgroup::30266:root,deleteme
> deleteme:x:20750:
> And you try to "userdel deleteme", userdel will go into an endless loop.
>
> [ attached patch shadow-4.0.18.2-groupLoop.patch ]
I had a deeper look at the patch.
I would prefer to handle it differently and ask the admin to fix the group
database first.
I think that would be the "least surprise" solution.
Some tools handle duplicate group entries nicely (e.g. groups or id),
however, some others will not handle this use case correctly
e.g. with
test1:x:100:test2
test1:x:100:test3,test2
I would find the following commands behavior quite surprising:
# gpasswd -d test2 test1
Removing user test2 from group test1
# groups test2
test2: test1
Moreover, when the admin uses useradd, usermod, or userdel, she is in a
position of fixing the group/user database.
It is the current useradd behavior.
I plan to remove the test in useradd, and add a more generic test in
commonio_update that would fix this bug in userdel and usermod (e.g. add a
find_next_entry_by_name function, and check that no other entries are
found with the same name).
The other way would be to explicitly allow multiple entries with the same
name in group(5), removing the check from grck and checking all the shadow
tools.
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list