Date: Sat, 11 Jan 2014 19:52:42 GMT From: Jason Edwards <sub.mesa@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/185666: Regression for 'pw usermod <user> -G <grouplist>' Message-ID: <201401111952.s0BJqgx4053805@oldred.freebsd.org> Resent-Message-ID: <201401112000.s0BK00tH017995@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 185666
>Category: bin
>Synopsis: Regression for 'pw usermod <user> -G <grouplist>'
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 11 20:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Jason Edwards
>Release: 10.0-RC3
>Organization:
ZFSguru
>Environment:
FreeBSD zfsguru.bsd 10.0-RC3 FreeBSD 10.0-RC3 #0: Tue Dec 24 02:57:59 UTC 2013 jason@zfsguru:/usr/obj/tmpfs/2-source/sys/OFED-POLLING-ALTQ amd64
>Description:
The pw(8) manpage states:
-G grouplist Set additional group memberships for an account. grouplist
is a comma, space or tab-separated list of group names or
group numbers. The user's name is added to the group lists
in /etc/group, and removed from any groups not specified in
grouplist.
This works as expected on FreeBSD 9.2-RELEASE where the user is removed from any groups not specified explicitly in the -G grouplist. However, on 10.0-RC1 and 10.0-RC3, I can reproduce 100% a regression where the username is *NOT* removed from the 'old group'. It is only added to the new group.
>How-To-Repeat:
It works as expected on 9.2:
pw useradd testuser
pw groupadd testgroup
pw groupadd testgroup2
pw usermod testuser -G testgroup
# /etc/group section before:
# testuser:*:1001:
# testgroup:*:1002:testuser
# testgroup2:*:1003:
pw usermod testuser -G testgroup2
# /etc/group section after:
# testuser:*:1001:
# testgroup:*:1002:
# testgroup2:*:1003:testuser
However, on 10.0-RC1 and 10.0-RC3 amd64 the behavior is very different; it does not remove the 'old group':
pw useradd testuser
pw groupadd testgroup
pw groupadd testgroup2
pw usermod testuser -G testgroup
# /etc/group section before:
# testuser:*:1004:
# testgroup:*:1005:testuser
# testgroup2:*:1006:
pw usermod testuser -G testgroup2
# /etc/group section after:
# testuser:*:1004:
# testgroup:*:1005:testuser
# testgroup2:*:1006:testuser
>Fix:
Workaround is to use 'groupmod' instead, to achieve a rough equivalent:
# remove <username> from the group <oldgroup>
pw groupmod <oldgroup> -d <username>
# add <username> to the group <newgroup>
pw groupmod <newgroup> -m <username>
Of course, the usermod -G command is superior, because it removes the user from all groups not specified explicitly.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401111952.s0BJqgx4053805>