[Pkg-shadow-devel] Bug#1004472: Additional information

Markus Hiereth post at hiereth.de
Thu Feb 17 10:56:13 GMT 2022


Hi Serge,

I did a few more tests; see the console log.

Findings:

- groupmems expects the password of the user who wants to add another
  user to his group (as you found out too)

- groupmems does not accept the group password for his primary group

- groupmems fails when the binary has only the setgid bit set,
  although man groupmems says that this would be one of the
  preconditions for usage (problem with locking /etc/group)

- groupmems works when the binary has the setuid bit set (as you
  found out too)

Best regards
Markus


-------------- next part --------------
Script started on 2022-02-17 11:04:39+01:00 [TERM="linux" TTY="/dev/tty2" COLUMNS="80" LINES="25"]
tester2@lune:~$ grep tester2 /etc/group
tester2:x:1001:
groups:x:998:tester2
tester2@lune:~$ groups
tester2 groups

tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort:    #input of group password
groupmems: PAM: Fehler bei Authentifizierung
#group password rejected

tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: 
groupmems: Permission denied.
groupmems: /etc/group konnte nicht gesperrt werden; versuchen Sie es später noch einmal.

tester2@lune:~$ ls -l /usr/sbin/groupmems
-rwx--s--- 1 root groups 66104  7. Feb 2020  /usr/sbin/groupmems
tester2@lune:~$ ls -l /etc/group
-rw-r--r-- 1 root root 967 17. Feb 10:49 /etc/group

#change group of file group
tester2@lune:~$ ls -l /etc/group
-rw-rw-r-- 1 root groups 967 17. Feb 10:49 /etc/group

tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of password of tester2
groupmems: Permission denied.
groupmems: /etc/group konnte nicht gesperrt werden; versuchen Sie es später noch einmal.

tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of group password for groups
groupmems: PAM: Fehler bei Authentifizierung
tester2@lune:~$ exit
exit

Script done on 2022-02-17 11:20:08+01:00 [COMMAND_EXIT_CODE="1"]
Script started on 2022-02-17 11:32:19+01:00 [TERM="linux" TTY="/dev/tty2" COLUMNS="80" LINES="25"]

#setgid bit was removed, setuid bit was set for executable groupmems
tester2@lune:~$ ls -l /usr/sbin/groupmems
-rws--x--- 1 root groups 66104  7. Feb 2020  /usr/sbin/groupmems
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of password for tester2

tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of group password for groups
groupmems: PAM: Fehler bei Authentifizierung

tester2@lune:~$ grep tester2 /etc/group
tester2:x:1001:tester3
groups:x:998:tester2

tester2@lune:~$ exit
exit

Script done on 2022-02-17 11:42:48+01:00 [COMMAND_EXIT_CODE="0"]

