[Pkg-shadow-devel] Bug#1004472: Bug#1004472: groupmem: make authentification clear and check interaction with PAM

Serge E. Hallyn serge at hallyn.com
Mon Jan 31 04:32:05 GMT 2022

On Fri, Jan 28, 2022 at 11:29:49AM +0100, Markus Hiereth wrote:
> Package: passwd
> Version: 1:4.8.1-1
> Severity: normal
> Dear Maintainer,
>    * What led up to the situation?
> Checks made for translation of man 8 groupmems 
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
> Try to invoke groupmems as user and as systemadministrator
>    * What was the outcome of this action?
> groupmems asked in both cases for authentification by a password, but does not specify which password is expected. There are three possibilies
> a) root password from root (however, this does not make much sense)
> b) user password for group-owning user (however, this does not make much sense)  
> c) the group's password
> In all cases, I got a PAM authentification failure
>    * What outcome did you expect instead?
> A snippet from the logfile is attached
> Best regards
> Markus

This is not a well understood - or well documented - command.

In order for unprivileged users to use groupmems, you must make
it setuid-root:  'chmod u+s /usr/sbin/groupmems'.

After I do this, I as user serge in group serge can do

groupmems -a testuser

to add user testuser to my group serge.  I do have to provide
my own password.


More information about the Pkg-shadow-devel mailing list