[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Please verify these 2 OpenBSD Bugs (FAQ, adduser, login.conf)
- To: misc@openbsd.org
- Subject: Re: Please verify these 2 OpenBSD Bugs (FAQ, adduser, login.conf)
- From: Mark Farquaad <markfarquaad@gmail.com>
- Date: Sat, 1 Jan 2005 18:39:48 +0100
- DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=TC+U2qiFbqx2DNu4vZuvx4TgxdK4Uhli2EOPJFw/N5tv3M7F4bfXE/AEe2kj55K/vYls3jrS7uU+Z9eNnSimsv3+ymb2PbCei0tYsD/QcPytbIOc0BhC7c3DIkaYrpEvCjKHrXHisxjfk/4xQXT3MRlFGzGIHV5MpVH3x6IebaI=
- References: <8f587f2704123103213a426e3e@mail.gmail.com> <Pine.BSO.4.61.0412311231130.16836@pepper.intra.drijf.net> <d14e8d9d04123109352998b738@mail.gmail.com> <8f587f2705010101494c8746d6@mail.gmail.com> <Pine.BSO.4.61.0501011057350.8824@pepper.intra.drijf.net>
Hi all,
On Sat, 1 Jan 2005 11:04:30 +0100 (CET), Otto Moerbeek <otto@drijf.net> wrote:
> Again, read group(5).
I did. I don't see how any of that information should help here.
> If the primary group is wheel, there's no need to
> add the user to the wheel group in /etc/group. It has always been this
> way, and su(1) works. /etc/group is used to record _secondary_ groups.
Have you tried this?
I as a newbie think that's incorrect.
If in the above example, where foobar is NOT in the wheel group
in /etc/group, I get the following output when logging in as foobar:
login: foobar
Password: *******
Last login: ...
Welcome to OpenBSD... <snip>
$ su
Password: ****** (correct root password)
you are not in group wheel
sorry
> No, there is no problem. This would violate long standing behavior. I
> repeat: this is not a bug.
To me it looks like the opposite. There is a problem, although
probably a long standing one. But I don't see how that would make
the problem smaller.
You think this is not a bug. Have you fully considered what I have
reported here and tested it yourself?
Are you in charge of the adduser program in OpenBSD?
If not, I think I should go ahead and forward this "problem"
to bugs@openbsd.org, no? - Even if it *is* possible to operate
adduser to get correct results, if you know exactly how to.
Using adduser the way I did is quite a natural way to add a user
to the wheel group. Thus it *should* not create the problems
it does. - At least that's my oppinion.
When using adduser the way I did, it does *not* produce the
results one expects, thus it might be considered a bug, no?
As Matthias Kilian wrote:
> There's a little caveat with su(1), which may indeed cause some
> confusion:
> If group 0 (normally ``wheel'') has users listed then only those
> users can su to ``root''. It is not sufficient to change a user's
> /etc/passwd entry to add them to the ``wheel'' group; they must
> explicitly be listed in /etc/group. If no one is in the ``wheel''
> group, it is ignored, and anyone who knows the root password is
> permitted to su to ``root''.
That's exactly relevant!
Thanks Matthias Kilian for this competent clarification!
I think the behaviour of adduser mentioned in this post
should be considered to be not quite self-evident or, to an
average user: *buggy*!
Anyone think this should be posted to bugs@openbsd.org?
On Sat, 1 Jan 2005 4:17pm, Otto Moerbeek <otto@drijf.net> wrote:
> Once again, it is shown that careful reading is required. But, as it
> seems, all questions posted by the OP are answered by the man
> pages su(1) and group(5).
Who's "OP"? If you're refering to me with "OP", no, not all questions
posted by me are answered by the man pages su(1) and group(5)!
I asked if this behaviour of adduser is a bug or not.
You basically told me that it's behaviour is "long standing behaviour",
not wheather it's a bug or not, - or rather you didn't even look into
it with the required depth - it seems now.
Greetings,
Mark