From owner-freebsd-questions@FreeBSD.ORG Wed Mar 25 15:49:27 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E2EB520F for ; Wed, 25 Mar 2015 15:49:27 +0000 (UTC) Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A6E3295D for ; Wed, 25 Mar 2015 15:49:27 +0000 (UTC) Received: by oiag65 with SMTP id g65so24947232oia.2 for ; Wed, 25 Mar 2015 08:49:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:from:content-type:message-id:date:to :content-transfer-encoding:mime-version; bh=2mgdFrCp3ZEpjIQhZURnaZxqvQ1AaNR9DmL/otmc3a8=; b=i84uBsulmK8yAyvoMm9WFK9Z3EvfioEvE8ww53Of1ZtpLfcAobtcMvyf2ji/PO5tMK BRLNqUcg7gI5THLmD2fLbBxlj7lmgtwcl7ca1rIiMom9oLcwpgisPH1Sa/3ckpIUR7sK D/YJZZpQye7IFFpVm3mHzs+D2PEc8gTu8iiXxD53qhGy26r0LoLOs1fgyCEqccyv60H/ I7RSf+jdw6km8gTxCntrAYoM7WGGBQ9U4O39kHd9V/q7OwcuOisex3Dl0uVrkcI6BUHJ mpy0jzuUHceBMI8mSXTWQcuFaSW+YJ/mHVw+FWdKuvCu98id3wS8Bor+4CvsUOri+Zv+ 9x/Q== X-Received: by 10.182.142.101 with SMTP id rv5mr6073598obb.13.1427298566811; Wed, 25 Mar 2015 08:49:26 -0700 (PDT) Received: from [192.168.1.64] (pool-173-71-39-166.dllstx.fios.verizon.net. [173.71.39.166]) by mx.google.com with ESMTPSA id bp2sm2241972oec.0.2015.03.25.08.49.24 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 25 Mar 2015 08:49:25 -0700 (PDT) Subject: 'pw usermod -G' not removing user from group? From: Matthew Pherigo X-Mailer: iPad Mail (12D508) Message-Id: <474FEC65-4E15-4972-A411-E91569B4E2A5@gmail.com> Date: Wed, 25 Mar 2015 10:49:22 -0500 To: FreeBSD Users Mime-Version: 1.0 (1.0) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Mar 2015 15:49:28 -0000 Hi all, The manpage for pw(8) says this about the -G flag: > The user's name is added to the group lists in /etc/group, and removed fro= m any groups not specified in grouplist. However, when using this option on 10.1, pw decides to get creative: > $ sudo id -a test > uid=3D1003(test) gid=3D1003(test) groups=3D1003(test),0(wheel),69(network)= > $ sudo pw usermod test -G network > $ sudo id -a test =20 > uid=3D1003(test) gid=3D1003(test) groups=3D1003(test),0(wheel),69(network)= This isn't the end of the creative liberties, though. When checking /etc/gro= up, we find: > network:*:69:test,test pw(8) has added the 'test' user to the network group *twice*. In fact, when I= was checking the /etc/group file, I found this little gem: > wheel:*:0:root,ansible,matt,matt,matt,test That trio of matts is the result of configuration management systems trippin= g over this strange behavior. Was this introduced in a recent patch? I can't imagine this has been around f= or long. Hopefully it's just a doc error! Thanks, --Matt=