From: "Teske, Devin"
To: Diane Bruce, "freebsd-arch@freebsd.org"
Subject: RE: group(5) Group Passwords do not work
Date: Fri, 8 Feb 2013 09:47:04 +0000
Message-ID: <13CA24D6AB415D428143D44749F57D7201EA6244@ltcfiswmsgmb21>
In-Reply-To: <20130207232352.GA51387@night.db.net>
List-Id: Discussion related to FreeBSD architecture

On Thu, 7 Feb 2013, Diane Bruce wrote:
> Hi,
>
> I've been looking at pw & friends for a while when this PR
> was brought to my attention.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=docs/167741
>
> Right now group passwords in /etc/group are marked with *
> I'm told some linux distributions are marking this as "NOTUSED"
> Clearly our man pages should either be changed to make it much more clear
> that this stuff does not work and will never work in FreeBSD or the
> code should be changed to make it work. ;)

It secretly does work -- but only for those willing to take the plunge and:

WARNING: Not recommended unless you *must* have this functionality...

    sudo chmod u+s /usr/bin/newgrp

NOTE: Assuming /usr/bin/newgrp is already owned by root

See newgrp(8) for additional details.

> Mark Saad spent some time
> checking this. If it is stated it is never going to be made to work, by core
> or whatever, some of the code in libutil + pw can be simplified a bit.

newgrp(8) ships without the setuid root bit set for security reasons. It's there to flip for anybody that needs it. Perhaps documentation should be updated to mention this.

> It was also suggested on IRC that it is also possible that some pam
> code does expect group passwords to work or at least passed through.
>

Nope, not used by PAM.

> How are we to proceed folks?

I'd rather not see this functionality go away -- in my up-coming release of bsdconfig(8) I have a module that supports nearly every aspect of pw(8) including managing group(5) passwords. I see in a later reply to this thread by des that the list includes things besides newgrp(8) and pw(8) ... add bsdconfig(8) to that list by way of pw(8) usage.

-- 
Devin
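One way to audit a host for the configuration this message describes, as an added example that is not part of the original e-mail or of FreeBSD: it classifies the password field of each group(5) entry and reports whether newgrp is setuid root. The function names, the state labels and the sample entries are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit group(5) password fields and the newgrp setuid bit
# that, per the message above, decides whether they can be used at all.

# classify_group_pw FILE -> one "group:state" line per entry (labels assumed):
#   empty = no password, locked = "*"-style marker, hash = looks like a
#   crypt(3) string, other = placeholder text such as "NOTUSED".
classify_group_pw() {
    awk -F: '
        /^[ \t]*#/ { next }                         # comment line
        /^[ \t]*$/ { next }                         # blank line
        NF < 3       { print $1 ":malformed"; next }
        $2 == ""     { print $1 ":empty";  next }
        $2 ~ /^[*!]/ { print $1 ":locked"; next }
        $2 ~ /^[$]/  { print $1 ":hash";   next }   # modular crypt, $id$...
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" { print $1 ":hash"; next }
        { print $1 ":other" }
    ' "$1"
}

# newgrp_state [PATH] -> missing | no-setuid | setuid-root | setuid-other
newgrp_state() {
    f=${1:-/usr/bin/newgrp}
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo no-setuid; return 0; }
    if [ "$(ls -lnd "$f" | awk '{print $3}')" = 0 ]; then
        echo setuid-root
    else
        echo setuid-other
    fi
}

# usable_group_passwords GROUPFILE [NEWGRP] -> groups that carry a hash,
# listed only when newgrp is setuid root (the condition the message gives).
usable_group_passwords() {
    [ "$(newgrp_state "$2")" = setuid-root ] || return 0
    classify_group_pw "$1" | awk -F: '$2 == "hash" { print $1 }'
}

# Constructed sample input; the hash string is a made-up placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# $FreeBSD$
wheel:*:0:root
staff::20:
ops:$6$examplesalt$constructedhashvalue:1001:alice
legacy:NOTUSED:1002:
EOF
classify_group_pw "$sample"
echo "newgrp: $(newgrp_state)"
rm -f "$sample"
```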