Bug 221417 - pw usermod silently ignores -G ""
Summary: pw usermod silently ignores -G ""
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-bugs mailing list
URL:
Keywords: patch, regression, security
Depends on:
Blocks:
 
Reported: 2017-08-11 11:54 UTC by Fabian Keil
Modified: 2017-09-08 21:17 UTC (History)
1 user (show)

See Also:
emaste: mfc-stable10+
emaste: mfc-stable11+


Attachments
pw usermod: Properly deal with empty secondary group lists (2.09 KB, patch)
2017-08-11 11:54 UTC, Fabian Keil
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Fabian Keil 2017-08-11 11:54:40 UTC
Created attachment 185283 [details]
pw usermod: Properly deal with empty secondary group lists

"pw usermod blafasel -G ''" is supposed to make sure that blafasel
doesn't have any secondary group memberships.

Since the pw refactoring in 2015 pw usermod treats -G "" as if no
secondary group membership modification was requested, though.
As a result, any existing memberships are kept.

The attached patch fixes the issue and adds a test for it.
    
Obtained from: ElectroBSD
Comment 1 commit-hook freebsd_committer 2017-08-19 00:20:07 UTC
A commit references this bug:

Author: emaste
Date: Sat Aug 19 00:19:24 UTC 2017
New revision: 322677
URL: https://svnweb.freebsd.org/changeset/base/322677

Log:
  pw usermod: Properly deal with empty secondary group lists (-G '')

  "pw usermod someuser -G ''" is supposed make sure that someuser
  doesn't have any secondary group memberships.

  Previouly it was a nop because split_groups() only intitialised
  "groups" if at least one group was specified. As a result the
  existing secondary group memberships were kept.

  PR:		221417
  Submitted by:	Fabian Keil
  Obtained from:	ElectroBSD
  MFC after:	1 week
  Relnotes:	yes

Changes:
  head/usr.sbin/pw/pw_user.c
  head/usr.sbin/pw/tests/pw_usermod_test.sh
Comment 2 commit-hook freebsd_committer 2017-08-26 00:36:14 UTC
A commit references this bug:

Author: emaste
Date: Sat Aug 26 00:35:50 UTC 2017
New revision: 322919
URL: https://svnweb.freebsd.org/changeset/base/322919

Log:
  MFC r322677: pw usermod: Properly deal with empty secondary group lists (-G '')

  PR:		221417
  Relnotes:	Yes

Changes:
_U  stable/11/
  stable/11/usr.sbin/pw/pw_user.c
  stable/11/usr.sbin/pw/tests/pw_usermod_test.sh
Comment 3 commit-hook freebsd_committer 2017-09-08 21:17:05 UTC
A commit references this bug:

Author: emaste
Date: Fri Sep  8 21:16:23 UTC 2017
New revision: 323333
URL: https://svnweb.freebsd.org/changeset/base/323333

Log:
  MFC r322677: pw usermod: handle empty secondary group lists (-G '')

  "pw usermod someuser -G ''" is supposed make sure that someuser
  doesn't have any secondary group memberships.

  Previouly it was a nop because split_groups() only intitialised
  "groups" if at least one group was specified. As a result the
  existing secondary group memberships were kept.

  PR:		221417
  Submitted by:	Fabian Keil
  Approved by:	re (kib)
  Obtained from:	ElectroBSD
  Relnotes:	yes

Changes:
_U  stable/10/
  stable/10/usr.sbin/pw/pw_user.c
  stable/10/usr.sbin/pw/tests/pw_usermod_test.sh