[Pkg-shadow-devel] Bug#647308: Bug#647308: passwd: groupmod modifies users, not just groups

Nicolas François nicolas.francois at centraliens.net
Sun Nov 6 19:07:45 UTC 2011


On Tue, Nov 01, 2011 at 08:28:37PM +0100, debian-reportbug at plan9.de wrote:
> groupmod is documented to modify a group definition, but I found it also modifies users:
>    rain /home# grep dustfi /etc/passwd
>    sf-dustfinger:x:6155:6155::/home/sf-dustfinger:/etc/rc.cvsloginshell
>    rain /home# groupmod -g 6455 sf-dustfinger
>    rain /home# grep dustfi /etc/passwd
>    sf-dustfinger:x:6155:6455::/home/sf-dustfinger:/etc/rc.cvsloginshell
> this is unexpected, as unlike usermod's -g, it doesn't change files inside
> the users home directory, there is no documented option to switch this
> behaviour off, and very problematic, imho, this is completely undocumented
> (passwd isn't even mentioned in the manpage under files for example).
> it's also inconsistent to usermod -g, which does not update the group
> definition.
> I don't think this behaviour makes sense - it means there is no command
> to change a groups gid only (i.e. actually modifiy the group definition,
> as opposed to the users groups), making programmatic changes hard, but it
> might be hard to change this due to backward compatibility concerns.
> It would be nice if groupmod had a switch to actually make it modify the
> group definition only, and not tinker with the passwd file in unexpected
> ways.

I've documented this use case:
   Users who use the group as primary group will be updated to
   keep the group as their primary group.

In your example, user sf-dustfinger uses sf-dustfinger as primary group.
groupmod does not change this.
Your proposed switch would make a change for the user (the primary group
would become 6155 which is no longer sf-dustfinger).

If your intent is to keep the sf-dustfinger's primary group, you should
create a new group.

It is already documented that the group ownership of files are not
   Any files that have the old group ID and must continue to belong to
   GROUP, must have their group ID changed manually.

I've added passwd in the list of FILES.

Best Regards,

More information about the Pkg-shadow-devel mailing list