Date: Fri, 8 Feb 2013 09:47:04 +0000
From: "Teske, Devin" <Devin.Teske@fisglobal.com>
To: Diane Bruce <db@db.net>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Cc: "Teske, Devin" <Devin.Teske@fisglobal.com>
Subject: RE: group(5) Group Passwords do not work
Message-ID: <13CA24D6AB415D428143D44749F57D7201EA6244@ltcfiswmsgmb21>
In-Reply-To: <20130207232352.GA51387@night.db.net>
References: <20130207232352.GA51387@night.db.net>

On Thu, 7 Feb 2013, Diane Bruce wrote:

> Hi,
>
> I've been looking at pw & friends for a while when this PR
> was brought to my attention.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=docs/167741
>
> Right now group passwords in /etc/group are marked with *
> I'm told some linux distributions are marking this as "NOTUSED"
> Clearly our man pages should either be changed to make it much more clear
> that this stuff does not work and will never work in FreeBSD or the
> code should be changed to make it work. ;)

It secretly does work -- but only for those willing to take the plunge and:

WARNING: Not recommended unless you *must* have this functionality...

    sudo chmod u+s /usr/bin/newgrp

NOTE: Assuming /usr/bin/newgrp is already owned by root

See newgrp(8) for additional details.

> Mark Saad spent some time
> checking this. If it is stated it is never going to be made to work, by core
> or whatever, some of the code in libutil + pw can be simplified a bit.

newgrp(8) ships without the setuid root bit set for security reasons. It's there to flip for anybody that needs it. Perhaps documentation should be updated to mention this.

> It was also suggested on IRC that it is also possible that some pam
> code does expect group passwords to work or at least passed through.
>

Nope, not used by PAM.

> How are we to proceed folks?

I'd rather not see this functionality go away -- in my up-coming release of bsdconfig(8) I have a module that supports nearly every aspect of pw(8) including managing group(5) passwords. I see in a later reply to this thread by des that the list includes things besides newgrp(8) and pw(8) ... add bsdconfig(8) to that list by way of pw(8) usage.

-- 
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
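
The state described in the message above can be checked on a host with a short sh audit, given here as an added example that is not part of the original e-mail: it lists groups whose group(5) password field is set and reports whether a newgrp binary carries the setuid bit. The function names and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit helper for group(5)
# passwords and the newgrp setuid bit. Function names are hypothetical.

# Constructed sample in group(5) format: name:passwd:gid:members
sample_group() {
    cat <<'EOF'
# constructed sample, not a real /etc/group
wheel:*:0:root
operator:*:5:root
staff::20:
build:$6$constructedsalt$constructedhash:1001:alice,bob
EOF
}

# Read group(5) lines on stdin; print each group whose passwd field is
# neither "*" nor empty, i.e. a field that holds something to verify.
groups_with_passwords() {
    awk -F: '
        /^#/ || NF < 3 { next }            # skip comments and malformed lines
        $2 != "" && $2 != "*" { print $1 }
    '
}

# Succeed only if the path is a regular file with its set-user-ID bit set.
has_setuid_bit() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Report both facts together: a password field only matters on a host where
# newgrp has been made setuid, as the message describes.
audit_group_passwords() {
    group_file=$1
    newgrp_bin=$2
    if has_setuid_bit "$newgrp_bin"; then
        echo "$newgrp_bin: setuid bit SET"
    else
        echo "$newgrp_bin: setuid bit not set"
    fi
    groups_with_passwords < "$group_file" |
        sed 's/^/group with password field: /'
}

# Demonstration on the constructed sample; prints "build".
sample_group | groups_with_passwords
```

On a real host, call `audit_group_passwords /etc/group /usr/bin/newgrp`.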