I use /etc/login.access to control access to machines based on what groups users are in. Only certain groups are permitted access. If a user is a member of a group, but it is their primary or login group, login.access will not permit them to log in. Group based access control only works if the group(s) given in /etc/login.access have the users in their **gr_mem struct member. This behavior is documented in login.access(5) and comments in /etc/login.access, but it would be nice if the group access control worked for login groups.

Fix:

Here are patches against -CURRENT to code and documentation that will fix this:

How-To-Repeat:

Put a line like this in /etc/login.access:

    -:ALL EXCEPT wheel foogroup:ALL

If user foo has a password file entry like this:

    foo:*:1001:1001:Test User:/home/foo:/bin/sh

and foogroup has a group file entry like this:

    foogroup:*:1001:

user foo will not be able to log in, despite the fact that the user is in group foogroup.
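The mismatch described in the report, as an added C example that is neither the patch attached to this PR nor FreeBSD's own login.access code: it evaluates the "-:ALL EXCEPT wheel foogroup:ALL" rule once with a gr_mem-only group match and once with a match that also accepts the login group. The function names and the user bar are hypothetical; the foo and foogroup entries mirror the report's sample lines, and wheel's member list is constructed.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Behaviour the report describes: only names listed in gr_mem count. */
static int member_only_match(const struct group *gr, const struct passwd *pw)
{
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, pw->pw_name) == 0)
            return 1;
    return 0;
}

/* Behaviour the report asks for: the login (primary) group also counts. */
static int login_group_match(const struct group *gr, const struct passwd *pw)
{
    return gr->gr_gid == pw->pw_gid || member_only_match(gr, pw);
}

typedef int (*match_fn)(const struct group *, const struct passwd *);

/* Evaluate "-:ALL EXCEPT <groups>:ALL"; returns 1 when login is denied. */
static int denied(const struct group *except, size_t n,
                  const struct passwd *pw, match_fn match)
{
    for (size_t i = 0; i < n; i++)
        if (match(&except[i], pw))
            return 0;               /* user is in an excepted group */
    return 1;
}

/* Constructed entries; foo and foogroup follow the report's sample lines. */
static char *wheel_members[] = { "root", NULL };
static char *no_members[] = { NULL };
static struct group except_groups[] = {
    { .gr_name = "wheel", .gr_passwd = "*", .gr_gid = 0, .gr_mem = wheel_members },
    { .gr_name = "foogroup", .gr_passwd = "*", .gr_gid = 1001, .gr_mem = no_members },
};
static struct passwd foo = { .pw_name = "foo", .pw_uid = 1001, .pw_gid = 1001 };
static struct passwd bar = { .pw_name = "bar", .pw_uid = 1002, .pw_gid = 1002 };

int main(void)
{
    printf("foo, gr_mem only: %s\n", denied(except_groups, 2, &foo, member_only_match) ? "denied" : "allowed");
    printf("foo, login group: %s\n", denied(except_groups, 2, &foo, login_group_match) ? "denied" : "allowed");
    printf("bar, login group: %s\n", denied(except_groups, 2, &bar, login_group_match) ? "denied" : "allowed");
    return 0;
}
```

The bar case shows that accepting the login group does not widen access for users outside the excepted groups.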
For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk).

Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>