Mailinglist Archive: opensuse-factory (600 mails)
| < Previous | Next > |
Re: [opensuse-factory] newgroup passwords (was: "su nobody" fails)
- From: Joerg.Schilling@xxxxxxxxxxxxxxxxxxx (Joerg Schilling)
- Date: Thu, 08 Oct 2009 14:40:09 +0200
- Message-id: <4acddda9.pwURQm5e0OoDyl9L%Joerg.Schilling@xxxxxxxxxxxxxxxxxxx>
Juergen Weigert <jw@xxxxxxx> wrote:
Sorry, I was talkng about newgrp(1).
A traditional group looks like this:
root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
mail::6:root
and is distributed via naming services like NIS. For this reason empty passwd
entries are usual.
While an empty passwd field in the passwd file means no passwd and grant
everybody, the same in the group file means: "Do not allow newgrp".
And BTW: Solaris "man group" does not agree with the behavior of the newgrp
utility ;-)
This is from newgrp.c
/*
* newgrp [-l | -] [group]
*
* rules
* if no arg, group id in password file is used
* else if group id == id in password file
* else if login name is in member list
* else if password is present and user knows it
* else too bad
*/
Jörg
--
EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
js@xxxxxxxxxxxxxxx (uni)
joerg.schilling@xxxxxxxxxxxxxxxxxxx (work) Blog:
http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
SUSE does not have group(1) command. We have groups(1) and newgrp(1) and
group(5).
Sorry, I was talkng about newgrp(1).
If you are questioning the behaviour of newgrp, yes, I believe an empty
password should mean entering the group without password is permitted.
I don't have any traditional references at hand. Solaris 5.9 man page
appears to agrees with our man page, they say:
solaris$ man 1 newgrp
A password is demanded if the group has a password and the
user is not listed in /etc/group as being a member of that
group.
linux$ man 1 newgrp
A password is requested if the group has a password and the user is
not listed in the group file as being a member of that group.
What is the rationale for disregarding the empty password?
A traditional group looks like this:
root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
mail::6:root
and is distributed via naming services like NIS. For this reason empty passwd
entries are usual.
While an empty passwd field in the passwd file means no passwd and grant
everybody, the same in the group file means: "Do not allow newgrp".
And BTW: Solaris "man group" does not agree with the behavior of the newgrp
utility ;-)
This is from newgrp.c
/*
* newgrp [-l | -] [group]
*
* rules
* if no arg, group id in password file is used
* else if group id == id in password file
* else if login name is in member list
* else if password is present and user knows it
* else too bad
*/
Jörg
--
EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
js@xxxxxxxxxxxxxxx (uni)
joerg.schilling@xxxxxxxxxxxxxxxxxxx (work) Blog:
http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |