Date:      Tue, 26 Jun 2012 23:13:52 GMT
From:      Devin Teske <dteske@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/169471: pw(8) deletes group "username" on userdel even if group "username" is not assoc. w/user "username"
Message-ID:  <201206262313.q5QNDq7K030594@red.freebsd.org>
Resent-Message-ID: <201206262320.q5QNK6fV016873@freefall.freebsd.org>


>Number:         169471
>Category:       bin
>Synopsis:       pw(8) deletes group "username" on userdel even if group "username" is not assoc. w/user "username"
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 26 23:20:06 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Devin Teske
>Release:        FreeBSD 9.0-RELEASE i386
>Organization:
FIS Global, Inc.
>Environment:
FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:15:25 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
When performing "pw userdel USERNAME", pw(8) will delete a group by the same name regardless of association (or lack thereof) between a group and a user by the same name.

NOTE: Imagine if you had created a user named "wheel" and then executed "pw userdel wheel". The "wheel" group was just deleted silently without warning. No [simple] mechanism is provided to prevent the deletion of the group when deleting a user by the same name.
>How-To-Repeat:
pw useradd foo -g wheel
# This creates user "foo" with primary gid of existing wheel group (0)
pw groupadd foo
# This adds a group with the same name
pw userdel foo
# This deletes both the user and the group (despite the fact that they are unrelated to each other -- read: user foo was not a member of group foo, nor did it have group foo as its primary gid).
>Fix:
I see a couple solutions, such as:
1. patch pw(8) to not touch groups during userdel (this requires scripts to adjust if they were relying on this feature), or...
2. patch pw(8) to check that the primary gid of the user being deleted is that of the group sharing the same name as the user.

>Release-Note:
>Audit-Trail:
>Unformatted:
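
Option 2 under >Fix, written out as an added example; it is not code from this report or from the pw(8) source. The names may_delete_same_name_group() and check(), the gid 1001, and the extra refusal when the group lists other members are assumptions made for the illustration.

```c
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: may userdel also remove the group named after the user? */
bool
may_delete_same_name_group(const struct passwd *pw, const struct group *gr)
{
	if (pw == NULL || gr == NULL)
		return false;
	if (strcmp(pw->pw_name, gr->gr_name) != 0)
		return false;		/* not the same-named group at all */
	if (pw->pw_gid != gr->gr_gid)
		return false;		/* option 2: not the user's primary group */
	/* Added assumption: keep the group if anyone else is listed in it. */
	if (gr->gr_mem != NULL)
		for (char **m = gr->gr_mem; *m != NULL; m++)
			if (strcmp(*m, pw->pw_name) != 0)
				return false;
	return true;
}

/* Constructed member lists and records, so the example runs without touching /etc. */
static char *NO_MEMBERS[] = { NULL };
static char *SHARED[] = { "foo", "bar", NULL };

bool
check(const char *user, gid_t primary, const char *group, gid_t gid, char **mem)
{
	struct passwd pw = { .pw_name = (char *)user, .pw_gid = primary };
	struct group gr = { .gr_name = (char *)group, .gr_gid = gid, .gr_mem = mem };

	return may_delete_same_name_group(&pw, &gr);
}

int
main(void)
{
	/* How-To-Repeat case: user foo has primary gid 0, group foo is unrelated. */
	printf("unrelated: %d\n", check("foo", 0, "foo", 1001, NO_MEMBERS));
	printf("private:   %d\n", check("foo", 1001, "foo", 1001, NO_MEMBERS));
	printf("shared:    %d\n", check("foo", 1001, "foo", 1001, SHARED));
	return 0;
}
```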


