Bug 221417

Summary: pw usermod silently ignores -G ""
Product: Base System
Reporter: Fabian Keil <fk>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Some People
CC: emaste
Priority: ---
Keywords: patch, regression, security
Version: CURRENT
Flags: emaste: mfc-stable11+, emaste: mfc-stable10+
Hardware: Any
OS: Any
Attachments: pw usermod: Properly deal with empty secondary group lists (flags: none)

Description Fabian Keil 2017-08-11 11:54:40 UTC
Created attachment 185283
pw usermod: Properly deal with empty secondary group lists

"pw usermod blafasel -G ''" is supposed to make sure that blafasel
doesn't have any secondary group memberships.

Since the pw refactoring in 2015 pw usermod treats -G "" as if no
secondary group membership modification was requested, though.
As a result, any existing memberships are kept.

The attached patch fixes the issue and adds a test for it.
    
Obtained from: ElectroBSD

Comment 1 commit-hook freebsd_committer freebsd_triage 2017-08-19 00:20:07 UTC
A commit references this bug:

Author: emaste
Date: Sat Aug 19 00:19:24 UTC 2017
New revision: 322677
URL: https://svnweb.freebsd.org/changeset/base/322677

Log:
  pw usermod: Properly deal with empty secondary group lists (-G '')

  "pw usermod someuser -G ''" is supposed to make sure that someuser
  doesn't have any secondary group memberships.

  Previously it was a nop because split_groups() only initialised
  "groups" if at least one group was specified. As a result the
  existing secondary group memberships were kept.

  PR:		221417
  Submitted by:	Fabian Keil
  Obtained from:	ElectroBSD
  MFC after:	1 week
  Relnotes:	yes

Changes:
  head/usr.sbin/pw/pw_user.c
  head/usr.sbin/pw/tests/pw_usermod_test.sh

Comment 2 commit-hook freebsd_committer freebsd_triage 2017-08-26 00:36:14 UTC
A commit references this bug:

Author: emaste
Date: Sat Aug 26 00:35:50 UTC 2017
New revision: 322919
URL: https://svnweb.freebsd.org/changeset/base/322919

Log:
  MFC r322677: pw usermod: Properly deal with empty secondary group lists (-G '')

  PR:		221417
  Relnotes:	Yes

Changes:
_U  stable/11/
  stable/11/usr.sbin/pw/pw_user.c
  stable/11/usr.sbin/pw/tests/pw_usermod_test.sh

Comment 3 commit-hook freebsd_committer freebsd_triage 2017-09-08 21:17:05 UTC
A commit references this bug:

Author: emaste
Date: Fri Sep  8 21:16:23 UTC 2017
New revision: 323333
URL: https://svnweb.freebsd.org/changeset/base/323333

Log:
  MFC r322677: pw usermod: handle empty secondary group lists (-G '')

  "pw usermod someuser -G ''" is supposed to make sure that someuser
  doesn't have any secondary group memberships.

  Previously it was a nop because split_groups() only initialised
  "groups" if at least one group was specified. As a result the
  existing secondary group memberships were kept.

  PR:		221417
  Submitted by:	Fabian Keil
  Approved by:	re (kib)
  Obtained from:	ElectroBSD
  Relnotes:	yes

Changes:
_U  stable/10/
  stable/10/usr.sbin/pw/pw_user.c
  stable/10/usr.sbin/pw/tests/pw_usermod_test.sh
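
The failure mode named in the commit log (a list that is only initialised once a group name is seen, so -G '' looks the same as no -G at all) sketched as an added example. It is not the pw source or the attached patch; struct grouplist, parse_groups() and groups_after() are hypothetical names, and the user with groups wheel and operator is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct grouplist {		/* hypothetical type, not pw's own */
	size_t	n;
	char	names[16][32];
};

/*
 * Parse a comma-separated list into *out (caller frees); -1 on error.
 * lazy != 0: allocate on the first name only, so "" leaves *out NULL.
 * lazy == 0: allocate whenever -G was given, so "" gives an empty list.
 */
static int parse_groups(const char *arg, int lazy, struct grouplist **out)
{
	char buf[256], *tok;
	*out = NULL;
	if (arg == NULL)		/* option absent: no change requested */
		return (0);
	if (snprintf(buf, sizeof(buf), "%s", arg) >= (int)sizeof(buf))
		return (-1);
	if (!lazy && (*out = calloc(1, sizeof(**out))) == NULL)
		return (-1);
	for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
		if (*out == NULL && (*out = calloc(1, sizeof(**out))) == NULL)
			return (-1);
		if ((*out)->n == 16 || strlen(tok) >= sizeof((*out)->names[0]))
			return (-1);
		strcpy((*out)->names[(*out)->n++], tok);
	}
	return (0);
}

/* Groups left on a constructed user (wheel, operator) after "-G arg". */
static size_t groups_after(const char *arg, int lazy)
{
	struct grouplist cur = { 2, { "wheel", "operator" } }, *req;
	int rc = parse_groups(arg, lazy, &req);
	if (rc == 0 && req != NULL)	/* NULL means keep memberships */
		cur = *req;
	free(req);
	return (rc == 0 ? cur.n : (size_t)-1);
}

int main(void)
{
	printf("-G '': lazy keeps %zu, eager keeps %zu\n", groups_after("", 1), groups_after("", 0));
}
```

With lazy allocation the empty list is a silent no-op and both memberships survive, which is why a regression test for this case has to assert on the resulting group membership rather than on the command's exit status.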