Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 25 Mar 2015 16:18:58 -0500
From:      Matthew Pherigo <hybrid120@gmail.com>
To:        Rick Miller <vmiller@hostileadmin.com>
Cc:        FreeBSD Users <freebsd-questions@freebsd.org>
Subject:   Re: 'pw usermod -G' not removing user from group?
Message-ID:  <3183757859924107912@unknownmsgid>
In-Reply-To: <CAHzLAVHJncOcHvb_fxS4xsN8t9pvavLjpWmvxbhP2kyVHsP9GQ@mail.gmail.com>
References:  <474FEC65-4E15-4972-A411-E91569B4E2A5@gmail.com> <CAHzLAVHJncOcHvb_fxS4xsN8t9pvavLjpWmvxbhP2kyVHsP9GQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thanks, Rick! It's crazy that they didn't allow it in; seems like a pretty
big issue. Hopefully they'll release a patch through FreeBSD-update
soon. In the meantime, do you or anyone else know how to work around this?

--Matt

On Mar 25, 2015, at 1:09 PM, Rick Miller <vmiller@hostileadmin.com> wrote:



On Wed, Mar 25, 2015 at 11:49 AM, Matthew Pherigo <hybrid120@gmail.com>
wrote:

> Hi all,
>
> The manpage for pw(8) says this about the -G flag:
> > The user's name is added to the group lists in /etc/group, and removed
> from any groups not specified in grouplist.
>
> However, when using this option on 10.1, pw decides to get creative:
> > $ sudo id -a test
> > uid=1003(test) gid=1003(test) groups=1003(test),0(wheel),69(network)
> > $ sudo pw usermod test -G network
> > $ sudo id -a test
> > uid=1003(test) gid=1003(test) groups=1003(test),0(wheel),69(network)
>
> This isn't the end of the creative liberties, though. When checking
> /etc/group, we find:
> > network:*:69:test,test
>
> pw(8) has added the 'test' user to the network group *twice*. In fact,
> when I was checking the /etc/group file, I found this little gem:
> > wheel:*:0:root,ansible,matt,matt,matt,test
>
> That trio of matts is the result of configuration management systems
> tripping over this strange behavior.
>
> Was this introduced in a recent patch? I can't imagine this has been
> around for long. Hopefully it's just a doc error!


This PR[1] describes the problem.  It includes a patch, which apparently
didn't make it into 10.1 by the looks of it probably due to a code freeze
in preparation for release.


[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187189


-- 
Take care
Rick Miller

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3183757859924107912>