Date: Thu, 14 Nov 1996 15:50:09 +1100
From: davidn@sdev.usn.blaze.net.au (David Nugent)
To: jsigmon@www.hsc.wvu.edu (Jeremy Sigmon)
Cc: jadeite@light.pomona.edu (jadeite), questions@freebsd.org
Subject: Re: Bug in 1014???
Message-ID: <Mutt.19961114155009.davidn@sdev>
In-Reply-To: <Pine.BSF.3.91.961113095544.23811C-100000@www.hsc.wvu.edu>; from Jeremy Sigmon on Nov 13, 1996 09:57:17 -0500
References: <Pine.BSF.3.95.961112163320.1570C-100000@light.pomona.edu> <Pine.BSF.3.91.961113095544.23811C-100000@www.hsc.wvu.edu>

Jeremy Sigmon writes:
> > A user will be in any group that you specify in /etc/passwd.
> > You need to be in group wheel to su.
>
> I was listed as being in group 0 in /etc/passwd
> and in master.passwd of course.
> But su was only reading /etc/group evidently and group was not
> automatically updated. I didn't have to touch it in 2.1.5.
> Any other ideas?

Hmm. Forgive me if I'm misunderstanding you, but it appears that your understanding of how groups work may be flawed.

Each entry in /etc/{master.}passwd has a group id against each user. This is the *primary* group. The user does *not* also need to be in the membership line in /etc/group for their primary group, since they are automatically a member of the group. In fact, they shouldn't be named in /etc/group as a member of their primary group.

So..

> > > When I created users the /etc/group file was not updated.

It does not normally need to be updated unless the user is placed in groups additional to their primary group.

> > > I noticed when I could not su on my new machine.

As someone else pointed out, you need to be in the wheel group for this to be allowed. However, this is a *special* case, where su looks only at /etc/group and does not look at the user's primary group id.

> > > Is this a known bug? (I don't remember seeing a PR)

If there is any 'bug' here, it is in su, which should also check pwd->pw_gid for wheel's group id (it doesn't do this - it probably should).

Here's a patch for su against -current sources that fixes this, if you're interested. You're welcome to submit a pr on it.

--- su.c.orig Mon Oct 7 20:00:58 1996 +++ su.c Thu Nov 14 15:45:50 1996 @@ -96,7 +96,7 @@ char *p, **g, *user, *shell, *username, *cleanenv[20], **nargv, **np; struct group *gr; uid_t ruid; - int asme, ch, asthem, fastlogin, prio, i; + int asme, ch, asthem, fastlogin, prio, i, mygid; enum { UNSET, YES, NO } iscsh = UNSET; char shellbuf[MAXPATHLEN];
@@ -163,6 +163,7 @@ pwd = getpwuid(ruid); if (pwd == NULL) errx(1, "who are you?"); + mygid = pwd->pw_gid; username = strdup(pwd->pw_name); if (username == NULL) err(1, NULL); @@ -193,7 +194,7 @@ #endif { /* only allow those in group zero to su to root. */ - if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))) + if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) && mygid != 0) for (g = gr->gr_mem;; ++g) { if (!*g) errx(1,

Regards,

David Nugent, Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet
davidn@blaze.net.au http://www.blaze.net.au/~davidn
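
Review bot: mygid is declared as an int in the first hunk (@@ -96,7 +96,7 @@), appended to the line of flags and counters, yet it holds a copy of pwd->pw_gid, which is a gid_t. Declaring it on its own line as "gid_t mygid;" next to "uid_t ruid;" would keep the variable's type the same as the field it copies and make its purpose easier to spot.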
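
Review bot: the assignment "mygid = pwd->pw_gid;" in the second hunk (@@ -163,6 +163,7 @@) has no comment saying why the gid is copied out of pwd. The third hunk tests "pwd->pw_uid == 0" under the comment about su to root, so pwd evidently describes the target account by then; a one-line comment here stating that this is the invoking user's primary gid, saved before pwd is reused, would make that dependency explicit.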
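
Review bot: in the third hunk (@@ -193,7 +194,7 @@) the added test "mygid != 0" hard-codes the gid a second time instead of comparing against gr->gr_gid, the group that getgrgid() just returned, and the comment above it still says only "those in group zero" without mentioning that a primary gid now counts. The change also widens who passes the wheel check: every account whose passwd entry carries gid 0 is accepted even if it was never listed in /etc/group, which deserves a sentence in the comment and in the PR text so administrators can review such accounts.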
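
The primary-group versus /etc/group distinction explained in the message above, as an added example that is not part of the original e-mail or of su.c. The function name classify and the enum values are made up for illustration; main() lists every account's group-0 status so the "primary gid only" accounts, the ones an su that reads only the member list turns away, can be reviewed.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* How an account belongs to a group, if at all (illustrative names). */
enum membership { NOT_MEMBER, PRIMARY_ONLY, LISTED };

/*
 * Classify pw against gr.  LISTED means the name appears in the group's
 * member list (the only case a member-list-only check accepts);
 * PRIMARY_ONLY means membership comes solely from the gid field of the
 * passwd entry.
 */
enum membership
classify(const struct passwd *pw, const struct group *gr)
{
	char **g;

	for (g = gr->gr_mem; g != NULL && *g != NULL; ++g)
		if (strcmp(*g, pw->pw_name) == 0)
			return LISTED;
	return pw->pw_gid == gr->gr_gid ? PRIMARY_ONLY : NOT_MEMBER;
}

/* Walk the password database and print each account's group-0 status. */
int
main(void)
{
	static const char *label[] = {
		"not a member", "primary gid only", "listed in /etc/group"
	};
	struct group *gr = getgrgid((gid_t)0);
	struct passwd *pw;

	if (gr == NULL) {
		fprintf(stderr, "no group with gid 0\n");
		return 1;
	}
	setpwent();
	while ((pw = getpwent()) != NULL) {
		enum membership m = classify(pw, gr);
		if (m != NOT_MEMBER)
			printf("%-16s %s\n", pw->pw_name, label[m]);
	}
	endpwent();
	return 0;
}
```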