Date:      Sun, 13 Apr 1997 10:20:43 +1000
From:      David Nugent <davidn@unique.usn.blaze.net.au>
To:        freebsd-bugs@freefall.freebsd.org
Subject:   Re: bin/3233: adduser(8) doesn't add users to the wheel group
Message-ID:  <19970413102043.15146@usn.blaze.net.au>
In-Reply-To: <19970413011358.FR00064@uriah.heep.sax.de>; from J Wunsch on Sun Apr 13 01:13:58 EST 1997
References:  <199704090200.TAA18639@freefall.freebsd.org> <19970409123407.25120@usn.blaze.net.au> <19970413011358.FR00064@uriah.heep.sax.de>

On Sun Apr 13 01:13:58 EST 1997, J Wunsch writes:
> 
> Are you sure?  (Well, as the author of pw(8), you should be sure. ;-)
> At least, it offers both, -g and -G, so it should be possible to
> say
> 
> 	pw adduser mmblfrtz -g wheel -G wheel,operator

Yes, that will work. pw doesn't attempt to do anything smart
and remove redundant secondary memberships (as initgroups() does
do, incidentally, so you don't seem to get doubling up of group
access permissions at runtime).

> I agree that the `wheel' case is very special here.

Yes, but perhaps this special case is more to do with the real
problem being su. :-)

I already argued this before, that su should look at the user's
primary group as well. Since then, however, I'm more inclined
to argue that it should look at the group access list for the
current process using getgroups() and determine if group 0 is
in the list. Either would remove this problem altogether and
should not represent a security problem.

Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547  Data/BBS +61-3-9792-3507  3:632/348@fidonet
davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
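
Added example, not part of the original message and not code from su(1) or pw(8): a minimal C sketch of the check the message proposes, testing both the caller's primary group and the process group access list returned by getgroups() for group 0. The names `WHEEL_GID`, `gid_in_set` and `process_has_wheel` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define WHEEL_GID ((gid_t)0)   /* "group 0" as named in the message */

/* Pure check: is `target` the primary gid or in the supplementary list? */
int gid_in_set(gid_t target, gid_t primary, const gid_t *list, int n)
{
    if (primary == target)
        return 1;
    for (int i = 0; i < n; i++)
        if (list[i] == target)
            return 1;
    return 0;
}

/* Returns 1 if the calling process holds group 0, 0 if not, -1 on error.
 * The real gid is checked separately because POSIX leaves it unspecified
 * whether getgroups() includes the process's own gid in the list. */
int process_has_wheel(void)
{
    int n = getgroups(0, NULL);            /* size query only */
    if (n < 0)
        return -1;
    gid_t *list = calloc(n > 0 ? (size_t)n : 1, sizeof(*list));
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    if (n < 0) {
        free(list);
        return -1;
    }
    /* Real gid: in a setuid program this is still the invoking user's. */
    int found = gid_in_set(WHEEL_GID, getgid(), list, n);
    free(list);
    return found;
}

int main(void)
{
    int r = process_has_wheel();
    if (r < 0) {
        perror("getgroups");
        return 2;
    }
    printf("group 0 %s held by this process\n", r ? "is" : "is not");
    return r ? 0 : 1;
}
```

Because the check reads the kernel's view of the running process rather than /etc/group, it reflects whatever initgroups() set at login, including a primary group of wheel assigned with `pw adduser ... -g wheel`.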


