Date: Sun, 13 Apr 1997 10:20:43 +1000
From: David Nugent <davidn@unique.usn.blaze.net.au>
To: freebsd-bugs@freefall.freebsd.org
Subject: Re: bin/3233: adduser(8) doesn't add users to the wheel group
Message-ID: <19970413102043.15146@usn.blaze.net.au>
In-Reply-To: <19970413011358.FR00064@uriah.heep.sax.de>; from J Wunsch on Sun Apr 13 01:13:58 EST 1997
References: <199704090200.TAA18639@freefall.freebsd.org> <19970409123407.25120@usn.blaze.net.au> <19970413011358.FR00064@uriah.heep.sax.de>

On Sun Apr 13 01:13:58 EST 1997, J Wunsch writes:
>
> Are you sure? (Well, as the author of pw(8), you should be sure. ;-)
> At least, it offers both, -g and -G, so it should be possible to
> say
>
> pw adduser mmblfrtz -g wheel -G wheel,operator

Yes, that will work. pw doesn't attempt to do anything smart and
remove redundant secondary memberships (as initgroups() does do,
incidentally, so you don't seem to get doubling up of group access
permissions at runtime).

> I agree that the `wheel' case is very special here.

Yes, but perhaps this special case is more to do with the real
problem being su. :-)

I already argued this before, that su should look at the user's
primary group as well. Since then, however, I'm more inclined to
argue that it should look at the group access list for the current
process using getgroups() and determine if group 0 is in the list.
Either would remove this problem altogether and should not represent
a security problem.

Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet
davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
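
The check proposed in the message above, as an added example that is not part of the original message and is not FreeBSD's su source: it looks for gid 0 in the calling process's real gid and getgroups() list, next to a lookup by name in a group member list. The function names and the sample member list are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Member-list lookup by name: misses a user whose only tie to the group
   is the primary gid in the passwd entry. Names here are hypothetical. */
static int name_in_members(const char *user, const char *const *members)
{
    for (; members != NULL && *members != NULL; members++)
        if (strcmp(user, *members) == 0)
            return 1;
    return 0;
}

/* Is target the primary gid or anywhere in the supplementary list? */
static int gid_in_access_list(gid_t target, gid_t primary,
                              const gid_t *groups, int ngroups)
{
    if (primary == target)
        return 1;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == target)
            return 1;
    return 0;
}

/* 1 if the calling process holds target, 0 if not, -1 on error. */
static int process_has_group(gid_t target)
{
    int n = getgroups(0, NULL);            /* size query only */
    if (n < 0)
        return -1;
    gid_t *groups = calloc((size_t)n + 1, sizeof(*groups));
    if (groups == NULL)
        return -1;
    n = getgroups(n, groups);
    int held = (n < 0) ? -1 : gid_in_access_list(target, getgid(), groups, n);
    free(groups);
    return held;
}

int main(void)
{
    const char *const wheel_members[] = { "root", NULL };  /* constructed */
    printf("member list sees mmblfrtz: %d\n", name_in_members("mmblfrtz", wheel_members));
    printf("process holds gid 0: %d\n", process_has_group(0));
    return 0;
}
```

The real gid is checked separately because POSIX leaves it unspecified whether getgroups() includes the effective gid in its result.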