Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Jul 2013 12:47:06 +0000 (UTC)
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r253205 - stable/9/usr.bin/newgrp
Message-ID:  <201307111247.r6BCl6gq068114@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: des
Date: Thu Jul 11 12:47:06 2013
New Revision: 253205
URL: http://svnweb.freebsd.org/changeset/base/253205

Log:
  MFH (r246553): document and explain need for setuid bit.
  
  PR:		docs/167741

Modified:
  stable/9/usr.bin/newgrp/newgrp.1
  stable/9/usr.bin/newgrp/newgrp.c
Directory Properties:
  stable/9/usr.bin/newgrp/   (props changed)

Modified: stable/9/usr.bin/newgrp/newgrp.1
==============================================================================
--- stable/9/usr.bin/newgrp/newgrp.1	Thu Jul 11 12:46:35 2013	(r253204)
+++ stable/9/usr.bin/newgrp/newgrp.1	Thu Jul 11 12:47:06 2013	(r253205)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 23, 2002
+.Dd February 8, 2013
 .Dt NEWGRP 1
 .Os
 .Sh NAME
@@ -90,6 +90,15 @@ A
 utility appeared in
 .At v6 .
 .Sh BUGS
+For security reasons, the
+.Nm
+utility is normally installed without the setuid bit.
+To enable it, run the following command:
+.Bd -literal -offset indent
+chmod u+s /usr/bin/newgrp
+.Ed
+.Pp
 Group passwords are inherently insecure as there is no way to stop
-users obtaining the crypted passwords from the group database.
+users obtaining the password hash from the group database.
 Their use is discouraged.
+Instead, users should simply be added to the necessary groups.

Modified: stable/9/usr.bin/newgrp/newgrp.c
==============================================================================
--- stable/9/usr.bin/newgrp/newgrp.c	Thu Jul 11 12:46:35 2013	(r253204)
+++ stable/9/usr.bin/newgrp/newgrp.c	Thu Jul 11 12:47:06 2013	(r253205)
@@ -73,7 +73,8 @@ main(int argc, char *argv[])
 {
 	int ch, login;
 
-	euid = geteuid();
+	if ((euid = geteuid()) != 0)
+		warnx("need root permissions to function properly, check setuid bit");
 	if (seteuid(getuid()) < 0)
 		err(1, "seteuid");

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307111247.r6BCl6gq068114>