Hi Egmont, On 2026-05-23T20:29:14+0200, Egmont Koblinger wrote: > > Hmmm, there's a problem. group(5) and gshadow(5) both specify a members > > list, and if they disagree, we have a problem: which source should be > > trusted? One of them? The union? The intersection? Fail if the files > > don't match? I don't have a good answer. > > > > Do you people have any opinions? > > > > Some utilities (setuid root or setgid shadow or alike ones, and ones run by > root to begin with such as login thingies) have access to both files, while > others (e.g. "id") only have access to the former. > > You want all utilities to see a consistent picture (a noble goal). > > Doesn't this problem have obviously only one solution: rely on the first > file for as many things as possible? An entry of the shadow file without a > corresponding entry in the public file needs to be treated as invalid, i.e. > ignored.
I tend to agree. A way to view the current behavior would be that there are "secret" groups, which root doesn't want the public to know. However, that's probably not a good idea. Have a lovely day! Alex > > e. -- <https://www.alejandro-colomar.es>
signature.asc
Description: PGP signature
