From owner-freebsd-stable@FreeBSD.ORG  Tue Aug 21 20:43:33 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5912616A417
	for <stable@freebsd.org>; Tue, 21 Aug 2007 20:43:33 +0000 (UTC)
	(envelope-from cswiger@mac.com)
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22])
	by mx1.freebsd.org (Postfix) with ESMTP id 420FD13C478
	for <stable@freebsd.org>; Tue, 21 Aug 2007 20:43:33 +0000 (UTC)
	(envelope-from cswiger@mac.com)
Received: from relay11.apple.com (relay11.apple.com [17.128.113.48])
	by mail-out3.apple.com (Postfix) with ESMTP id 0FC00F16441;
	Tue, 21 Aug 2007 13:24:43 -0700 (PDT)
Received: from relay11.apple.com (unknown [127.0.0.1])
	by relay11.apple.com (Symantec Mail Security) with ESMTP id E5E75287BC; 
	Tue, 21 Aug 2007 13:24:42 -0700 (PDT)
X-AuditID: 11807130-a71a1bb000006012-cc-46cb4a0ab9b7
Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by relay11.apple.com (Symantec Mail Security) with ESMTP id CE17D284C2; 
	Tue, 21 Aug 2007 13:24:42 -0700 (PDT)
In-Reply-To: <20070821195043.GA1464@roadrunner.spoerlein.net>
References: <20070821195043.GA1464@roadrunner.spoerlein.net>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <A77859AB-FF17-4FBA-8B2C-462B129D84A3@mac.com>
Content-Transfer-Encoding: 7bit
From: Chuck Swiger <cswiger@mac.com>
Date: Tue, 21 Aug 2007 13:24:42 -0700
To: Ulrich Spoerlein <uspoerlein@gmail.com>
X-Mailer: Apple Mail (2.752.2)
X-Brightmail-Tracker: AAAAAA==
Cc: stable@freebsd.org
Subject: Re: pam_group vs. multiple group lines
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2007 20:43:33 -0000

On Aug 21, 2007, at 12:50 PM, Ulrich Spoerlein wrote:
> I found this while trying to migrate groups into LDAP, but you don't
> need LDAP to reproduce this, simply place the following in /etc/group
>
> wheel:*:0:root
> wheel:*:0:us

That's a misconfiguration.  From "man 5 group":

   The group field is the group name used for granting file access to  
users
   who are members of the group.  The gid field is the number associated
   with the group name.  They should both be unique across the system  
(and
                              ^^^^^^^^^^^^^^^^^^^^^
   often across a group of systems) since they control file access.

-- 
-Chuck