>Number:         169471
>Category:       bin
>Synopsis:       pw(8) deletes group "username" on userdel even if group "username" is not assoc. w/user "username"
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 26 23:20:06 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Devin Teske
>Release:        FreeBSD 9.0-RELEASE i386
>Organization:
FIS Global, Inc.
>Environment:
FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 
07:15:25 UTC 2012     [email protected]:/usr/obj/usr/src/sys/GENERIC  
i386
>Description:
When performing "pw userdel USERNAME", pw(8) will delete a group by the same 
name regardless of association (or lack thereof) between a group and a user by 
the same name.

NOTE: Imagine if you had created a user named "wheel" and then executed "pw 
userdel wheel". The "wheel" group was just deleted silently without warning. No 
[simple] mechanism is provided to prevent the deletion of the group when 
deleting a user by the same name.
>How-To-Repeat:
pw useradd foo -g wheel
# This creates user "foo" with primary gid of existing wheel group (0)
pw groupadd foo
# This adds a group with the same name
pw userdel foo
# This deletes both the user and the group (despite the fact that they are
# unrelated to each other -- read: user foo was not a member of group foo, nor
# did it have group foo as its primary gid).
>Fix:
I see a couple solutions, such as:
1. patch pw(8) to not touch groups during userdel (this requires scripts to 
adjust if they were relying on this feature), or...
2. patch pw(8) to check that the primary gid of the user being deleted is that 
of the group sharing the same name as the user.

>Release-Note:
>Audit-Trail:
>Unformatted:
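
Added example (not part of the original report, and not pw(8) code): a read-only audit that lists accounts for which the described userdel behaviour would remove an unrelated group, plus the primary-gid check proposed as fix option 2. The function names and the sample passwd/group entries are constructed for illustration; it assumes the gid is field 4 of the passwd file and field 3 of the group file.

```shell
#!/bin/sh
# Added example. All function names here are hypothetical helpers.

# unrelated_same_name_groups PASSWD_FILE GROUP_FILE
# Prints "name user_gid group_gid" for every user that shares its name with
# a group whose gid is NOT the user's primary gid (the case in the report).
unrelated_same_name_groups() {
    awk -F: '
        /^#/ || NF < 3 { next }                        # skip comments/short lines
        FILENAME == ARGV[1] { ggid[$1] = $3; next }    # group file: name -> gid
        ($1 in ggid) && $4 != ggid[$1] {               # passwd file: compare gids
            printf "%s %s %s\n", $1, $4, ggid[$1]
        }
    ' "$2" "$1"
}

# same_name_group_is_primary NAME PASSWD_FILE GROUP_FILE
# Exit 0 only if group NAME exists and its gid is user NAME's primary gid,
# i.e. the condition fix option 2 would require before touching the group.
same_name_group_is_primary() {
    awk -F: -v name="$1" '
        FILENAME == ARGV[1] { if ($1 == name) g = $3; next }
        $1 == name { u = $4 }
        END { exit !(g != "" && u != "" && g == u) }
    ' "$3" "$2"
}

# make_sample DIR: write constructed passwd/group files mirroring the
# How-To-Repeat steps (user foo in wheel, unrelated group foo) plus a
# user bar that really owns its same-named group.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
foo:*:1001:0:User foo:/home/foo:/bin/sh
bar:*:1002:1002:User bar:/home/bar:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
wheel:*:0:root
foo:*:1001:
bar:*:1002:
EOF
}

# Stand-alone use: sh audit.sh /etc/passwd /etc/group
if [ "$#" -eq 2 ]; then
    unrelated_same_name_groups "$1" "$2"
fi
```

On the constructed sample only foo is reported: its primary gid is 0 while group foo has gid 1001.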