
Re: Please verify these 2 OpenBSD Bugs (FAQ, adduser, login.conf)



Hi Adam Getchell and all others!

You're exactly right!
I just did another test and found out that I did something
a little different the first couple of times! (Thanks to *notes*... :-)

What happens, obviously according to your post and
someone else's, not only to me is (was) this:

Instead of creating an own login group for the new user,
I figured I would put the new user in the "wheel" group,
as it is required that a user who can "su" is part of
the wheel group.
In this instance the adduser script seems to *fail*.
In the next question it asks the question:
"Login group is "wheel". Invite user into other groups? [no]"
Of course you don't add the user into other groups, when
he already is in the wheel group.
Apparently this is the only question though which
triggers the script for adding the new user in the wheel group
in /etc/groups.

I was able to reproduce this behavior by doing the following:
-----------------------------------------------------------
[mark@iggy:5]$ grep wheel /etc/group
wheel:*:0:root,mark
[otto@iggy:6]$ adduser
Use option ``-silent'' if you don't want to see all warnings and
questions.

Reading /etc/shells
Reading /etc/login.conf
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. I will give you the chance later to correct
any input.
Enter username []: foobar
Enter full name []: Foo Bar
Enter shell csh ksh nologin sh [ksh]:
Uid [1004]:
Login group foobar [foobar]: wheel
Login group is ``wheel''. Invite foobar into other groups: guest no
[no]: no
Login class auth-defaults auth-ftp-defaults daemon default staff
[default]:
Enter password []:
Set the password so that user cannot logon? (y/n) [n]: y

Name:        foobar
Password:    ****
Fullname:    Foo Bar
Uid:         1004
Gid:         0 (wheel)
Groups:      wheel
Login Class: default
HOME:        /home/foobar
Shell:       /bin/ksh
OK? (y/n) [y]:
Added user ``foobar''
Copy files from /etc/skel to /home/foobar
Add another user? (y/n) [y]: n
Goodbye!
[mark@iggy:7]$ grep wheel /etc/group
wheel:*:0:root,mark
[mark@iggy:8]$
-----------------------------------------------------------

I think this lays open what happened to me many times and what
might or has been happening to some others.

If all you know is that a new user must be in the "wheel" group
to be able to get root privileges with "su", what is described
here can very easily happen. And it's not evident why the new
user is not added to the wheel group in /etc/group.

The question which remains is:
Do the devs want to address this problem and make an
additional script for adding a user to the wheel group if he
is *only* in the wheel group or not?

Greetings and thanks for your support on this not quite 
easy to find bug or mistake!
Mark






On Fri, 31 Dec 2004 09:35:55 -0800, Adam Getchell <acgetchell@gmail.com> wrote:
> Don't worry Mark; I know where you're coming from.
> 
> On Fri, 31 Dec 2004 12:35:08 +0100 (CET), Otto Moerbeek <otto@drijf.net> wrote:
> 
> > Login group foo [foo]:
> > Login group is ``foo''. Invite foo into other groups: guest no
> > [no]: wheel
> > Login class auth-defaults auth-ftp-defaults daemon default staff
> > [default]:
> > Enter password []:
> > Set the password so that user cannot logon? (y/n) [n]: y
> 
> > So not reproducible on -current.
> 
> No, that's the trick right there. You've added user "foo" to login
> group "foo" first, then added to wheel. If you rerun this and add
> "foo" to login group "wheel" directly, (because you expect that it's
> not necessary to create a login group named after the user):
> 
> Login group foo [foo]: wheel
> 
> Then this *does not* work; you have to go in with root privileges and
> do usermod -G.
> 
> Yes, I've run into this myself. I don't know whether to call it a bug
> or idiosyncrasy (from my perspective, anyway; perhaps this is normal
> expected Unix behavior to others), so I just keep it in mind and see
> if a developer thinks it's something worth "fixing".
> 
> Adam
> --
> "Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu
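
Added example, not part of the original thread or of OpenBSD's adduser: a small audit for the condition discussed above, where an account has wheel as its login (primary) group but its name is missing from the wheel line in the group file. The function name, the `demo` helper and the sample account data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report accounts whose primary group is
# wheel but whose names are absent from wheel's member list in the group file.

# wheel_primary_not_listed PASSWD_FILE GROUP_FILE
# PASSWD_FILE may be in passwd or master.passwd format (gid is field 4 in both).
wheel_primary_not_listed() {
    awk -F: '
        # First argument: group file. Remember wheel gid and listed members.
        FILENAME == ARGV[1] {
            if ($1 == "wheel") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) listed[m[i]] = 1
            }
            next
        }
        # Second argument: account file. Skip comments and short lines.
        /^#/ || NF < 4 { next }
        gid != "" && $4 == gid && !($1 in listed) { print $1 }
    ' "$2" "$1"
}

# Constructed sample data mirroring the transcript: foobar has gid 0 but is
# not in the wheel member list; root and mark are listed.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/group" <<'EOF'
wheel:*:0:root,mark
mark:*:1000:
guest:*:31:
EOF
    cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
mark:*:1000:1000:Mark:/home/mark:/bin/ksh
foobar:*:1004:0:Foo Bar:/home/foobar:/bin/ksh
EOF
    wheel_primary_not_listed "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo   # prints: foobar
```

On a live system the same function can be pointed at `/etc/passwd` and `/etc/group`; any name it prints is an account that needs the `usermod -G` step mentioned in the thread before it appears in the wheel member list.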