From owner-freebsd-bugs@FreeBSD.ORG Tue Jun 26 23:20:07 2012
Return-Path:
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 54AC21065674
	for ; Tue, 26 Jun 2012 23:20:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 0D7138FC1F
	for ; Tue, 26 Jun 2012 23:20:07 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q5QNK6am016875
	for ; Tue, 26 Jun 2012 23:20:06 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q5QNK6fV016873;
	Tue, 26 Jun 2012 23:20:06 GMT
	(envelope-from gnats)
Resent-Date: Tue, 26 Jun 2012 23:20:06 GMT
Resent-Message-Id: <201206262320.q5QNK6fV016873@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Devin Teske
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id EB382106564A
	for ; Tue, 26 Jun 2012 23:13:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id D5D6C8FC21
	for ; Tue, 26 Jun 2012 23:13:52 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q5QNDqKr030595
	for ; Tue, 26 Jun 2012 23:13:52 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q5QNDq7K030594;
	Tue, 26 Jun 2012 23:13:52 GMT
	(envelope-from nobody)
Message-Id: <201206262313.q5QNDq7K030594@red.freebsd.org>
Date: Tue, 26 Jun 2012 23:13:52 GMT
From: Devin Teske
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc:
Subject: bin/169471: pw(8) deletes group "username" on userdel even if group "username" is not assoc. w/user "username"
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 26 Jun 2012 23:20:07 -0000

>Number:         169471
>Category:       bin
>Synopsis:       pw(8) deletes group "username" on userdel even if group "username" is not assoc. w/user "username"
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 26 23:20:06 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Devin Teske
>Release:        FreeBSD 9.0-RELEASE i386
>Organization:
FIS Global, Inc.
>Environment:
FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:15:25 UTC 2012 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When performing "pw userdel USERNAME", pw(8) will delete a group by the same name regardless of association (or lack thereof) between a group and a user by the same name.

NOTE: Imagine if you had created a user named "wheel" and then executed "pw userdel wheel". The "wheel" group was just deleted silently without warning. No [simple] mechanism is provided to prevent the deletion of the group when deleting a user by the same name.
>How-To-Repeat:
pw useradd foo -g wheel
# This creates user "foo" with primary gid of existing wheel group (0)
pw groupadd foo
# This adds a group with the same name
pw userdel foo
# This deletes both the user and the group (despite the fact that they are unrelated to each other -- read: user foo was not a member of group foo, nor did it have group foo as its primary gid).
>Fix:
I see a couple solutions, such as:

1. patch pw(8) to not touch groups during userdel (this requires scripts to adjust if they were relying on this feature), or...

2. patch pw(8) to check that the primary gid of the user being deleted is that of the group sharing the same name as the user.

>Release-Note:
>Audit-Trail:
>Unformatted:
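
The check proposed as fix option 2, written as a C predicate over passwd and group entries. This is an added example, not part of the original report and not code from pw(8). The helper name owns_same_name_group, the sample accounts and the gids 1001 and 1002 are assumptions, and the other-members check goes beyond what the report proposes.

```c
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from pw(8): may "userdel" also remove the
 * group that shares the user's name? */
bool
owns_same_name_group(const struct passwd *pw, const struct group *gr)
{
	if (pw == NULL || gr == NULL || strcmp(pw->pw_name, gr->gr_name) != 0)
		return (false);
	/* Fix option 2 from the report: the group must be the primary group. */
	if (pw->pw_gid != gr->gr_gid)
		return (false);
	/* Assumption beyond the report: keep a group other users still belong to. */
	for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
		if (strcmp(*m, pw->pw_name) != 0)
			return (false);
	return (true);
}

/* Constructed sample entries; the gids 1001 and 1002 are made up. */
static char foo[] = "foo", bar[] = "bar", alice[] = "alice";
static char *no_members[] = { NULL };
static char *bar_members[] = { bar, alice, NULL };

/* The How-To-Repeat case: user foo has primary gid 0, group foo is unrelated. */
static struct passwd user_foo = { .pw_name = foo, .pw_gid = 0 };
static struct group group_foo = { .gr_name = foo, .gr_gid = 1001, .gr_mem = no_members };
/* A user whose primary group is a private group of the same name. */
static struct passwd user_bar = { .pw_name = bar, .pw_gid = 1002 };
static struct group group_bar = { .gr_name = bar, .gr_gid = 1002, .gr_mem = no_members };
/* Same name and gid, but another account is still listed as a member. */
static struct group group_bar_shared = { .gr_name = bar, .gr_gid = 1002, .gr_mem = bar_members };

int
main(void)
{
	printf("foo/foo: %d\n", owns_same_name_group(&user_foo, &group_foo));
	printf("bar/bar: %d\n", owns_same_name_group(&user_bar, &group_bar));
	printf("bar/bar (shared): %d\n", owns_same_name_group(&user_bar, &group_bar_shared));
	return (0);
}
```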