From: Ryan Stone
To: FreeBSD Current
Cc: bapt@freebsd.org
Date: Sat, 17 Nov 2012 11:20:21 -0500
Subject: Re: pw keeps setting /etc/group to 0600
List-Id: Discussions about the use of FreeBSD-current

Wow. So apparently things are even more broken than I thought.
Let's play, "What group am I in?"

root@group-testing:/usr/home/rstone # cd /tmp
root@group-testing:/tmp # pw groupadd testing
root@group-testing:/tmp # mkdir testdir
root@group-testing:/tmp # chown root:testing testdir/
root@group-testing:/tmp # chmod g+rwx testdir/
root@group-testing:/tmp # pw usermod
root@group-testing:/tmp # pw groupmod testing -m rstone
root@group-testing:/tmp # id rstone
uid=1001(rstone) gid=1001(rstone) groups=1001(rstone),0(wheel),1002(testing)
root@group-testing:/tmp # exit
$ id
uid=1001(rstone) gid=1001 groups=1001,0
$ id rstone
uid=1001(rstone) gid=1001 groups=1001
$ touch /tmp/testdir/testfile
touch: /tmp/testdir/testfile: Permission denied
$ ls -ld /tmp/testdir/
drwxrwxr-x 2 root 1002 512 Nov 17 11:07 /tmp/testdir/

My original complaint that /etc/group gets permissions of 0600 is a result of a bug in libutil, which bapt@ ported pw to use in r242349. The new group manipulation API uses mktemp to create a temporary file, writes the new group database to the temp file and then renames the temp file to /etc/group. The problem here is that mktemp creates a file with a mode of 600, and libutil never chmods it. That should be pretty trivial to fix.

I have no idea what's happening in my example above, though.

Baptiste, I have to ask: how much testing did r242349 receive before it was committed?