[Pkg-shadow-devel] Bug#1004472: Bug#1004472: groupmem: make authentification clear and check interaction with PAM
Serge E. Hallyn
serge at hallyn.com
Mon Jan 31 04:32:05 GMT 2022
On Fri, Jan 28, 2022 at 11:29:49AM +0100, Markus Hiereth wrote:
> Package: passwd
> Version: 1:4.8.1-1
> Severity: normal
>
> Dear Maintainer,
>
>
> * What led up to the situation?
>
> Checks made for translation of man 8 groupmems
>
> * What exactly did you do (or not do) that was effective (or
> ineffective)?
>
> Try to invoke groupmems as user and as systemadministrator
>
> * What was the outcome of this action?
>
> groupmems asked in both cases for authentification by a password, but does not specify which password is expected. There are three possibilies
> a) root password from root (however, this does not make much sense)
> b) user password for group-owning user (however, this does not make much sense)
> c) the group's password
>
> In all cases, I got a PAM authentification failure
>
> * What outcome did you expect instead?
>
> A snippet from the logfile is attached
>
> Best regards
> Markus
This is not a well understood - or well documented - command.
In order for unprivileged users to use groupmems, you must make
it setuid-root: 'chmod u+s /usr/sbin/groupmems'.
After I do this, I as user serge in group serge can do
groupmems -a testuser
to add user testuser to my group serge. I do have to provide
my own password.
-serge
More information about the Pkg-shadow-devel
mailing list