Date: Fri, 8 Feb 2013 11:10:06 +0100 From: Paul Schenkeveld <freebsd@psconsult.nl> To: freebsd-arch@freebsd.org Subject: Re: group(5) Group Passwords do not work Message-ID: <20130208101006.GA63171@psconsult.nl> In-Reply-To: <86a9rfkyg9.fsf@ds4.des.no> References: <20130207232352.GA51387@night.db.net> <86a9rfkyg9.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 08, 2013 at 09:21:42AM +0100, Dag-Erling Smørgrav wrote: > Diane Bruce <db@db.net> writes: > > It was also suggested on IRC that it is also possible that some pam > > code does expect group passwords to work or at least passed through. > > No, who gave you that idea? > > The only places where gr_passwd is mentioned in head are: > > contrib/mtree/getid.c > include/grp.h > lib/libc/gen/getgrent.3 > lib/libc/gen/getgrent.c > lib/libutil/gr_util.c > libexec/mknetid/parse_group.c > share/man/man5/group.5 > tools/regression/lib/libc/nss/test-getgr.c > tools/regression/lib/libutil/test-grp.c > usr.bin/getent/getent.c > usr.bin/logins/logins.c > usr.bin/newgrp/newgrp.c Newgrp still has the capability of letting non-root users change their group to any group that the user can supply a correct group passord for. To enable this capability do "chmod u+s /usr/bin/newgrp". I suppose this setuid bit was turned off by default long time ago as switching groups became more or less redundant when supplementary group ID's were introduced. I've used newgrp quite a lot on old System V UNIX machines back in the 1980's when supplementary group id's were not available. So it's incorrect to sat that the password field in /etc/group does not work and cannot work in FreeBSD. After all /etc/group is just a database containing group records and it's up to programs to decide what to do with that data. AFAIK this field is also part of the Posix standard so it should stay there and the functionality in pw(8) and other programs still matters if you happen to run software on your system that uses this piece of data. > usr.sbin/makefs/getid.c > usr.sbin/nscd/agents/group.c > usr.sbin/pw/pw_group.c HTH, Paul Schenkeveld
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130208101006.GA63171>