Message ID | 3633f72d3f35d4413bec319971b1a8d26c2fbaeb.1356909238.git.yann.morin.1998@free.fr |
---|---|
State | Rejected |
Headers | show |
Dear Yann E. MORIN,
On Mon, 31 Dec 2012 00:26:02 +0100, Yann E. MORIN wrote:
> /etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.
Could you give some more details? I understand /etc/shadow as opposed
to /etc/passwd, but I don't see the point of /etc/gshadow since groups
don't have passwords.
Thomas
Thomas, All, On Monday 31 December 2012 Thomas Petazzoni wrote: > On Mon, 31 Dec 2012 00:26:02 +0100, Yann E. MORIN wrote: > > /etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd. > > Could you give some more details? I understand /etc/shadow as opposed > to /etc/passwd, but I don't see the point of /etc/gshadow since groups > don't have passwords. Wrong. Groups can have passwords. And users can change-group with: $ newgrp [-] groupname If the user is a member of that group, or the group is paswrod-less, then no password is asked for, and the current group-id has changed (it is a bit like 'su', but to just change group) If the user is not a member that group, and the group is not restricted (eg. password is not '*' and does not start with '!', then the user is asked to enter the group password. See: group(5) gshadow(5) newgrp(1) I hope that was enough to explain addition of gshadow. ;-) Happy New Year! Regards, Yann E. MORIN.
Dear Yann E. MORIN, Happy New Year! On Mon, 31 Dec 2012 19:18:08 +0100, Yann E. MORIN wrote: > Wrong. Groups can have passwords. And users can change-group with: > > $ newgrp [-] groupname > > If the user is a member of that group, or the group is paswrod-less, then > no password is asked for, and the current group-id has changed (it is a bit > like 'su', but to just change group) > > If the user is not a member that group, and the group is not restricted (eg. > password is not '*' and does not start with '!', then the user is asked to > enter the group password. > > See: > group(5) gshadow(5) newgrp(1) > > I hope that was enough to explain addition of gshadow. ;-) Interesting, I didn't know about this. The next question that comes up is: do we really need to support this in Buildroot? Thomas
Thomas, All, On Tuesday 01 January 2013 Thomas Petazzoni wrote: > On Mon, 31 Dec 2012 19:18:08 +0100, Yann E. MORIN wrote: > > Wrong. Groups can have passwords. And users can change-group with: [--SNIP--] > The next question that comes up is: do we really need to support this > in Buildroot? Well, I interpreted the abscence of that file as an oversight, that's why I thought of adding it. Right, we probably do not need the change-group feature in buildroot. However, for the sake of consistency, I think it is good to have gshadow. But I can very well live without it, sure. Anyway... Happy New Year to all! :-) Regards, Yann E. MORIN.
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes: Hi, >> The next question that comes up is: do we really need to support this >> in Buildroot? Yann> Well, I interpreted the abscence of that file as an oversight, Yann> that's why I thought of adding it. Yann> Right, we probably do not need the change-group feature in Yann> buildroot. However, for the sake of consistency, I think it is Yann> good to have gshadow. Yann> But I can very well live without it, sure. Well, the fact that nobody has ever asked for it in the 11 years buildroot has existed and that Thomas (and me) didn't know about the file, makes me think that perhaps it isn't too important to support it in the default skeleton (you can certainly manually add it). Yann> Anyway... Happy New Year to all! :-) Thanks, same to you!
diff --git a/system/skeleton/etc/gshadow b/system/skeleton/etc/gshadow new file mode 100644 index 0000000..0af6dad --- /dev/null +++ b/system/skeleton/etc/gshadow @@ -0,0 +1,21 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +wheel:*:: +audio:*:: +www-data:*:: +utmp:*:: +staff:*:: +lock:*:: +haldaemon:*:: +dbus:*:: +netdev:*:: +ftp:*:: +nobody:*:: +nogroup:*:: +users:*:: +default:*::
/etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> --- system/skeleton/etc/gshadow | 21 +++++++++++++++++++++ 1 files changed, 21 insertions(+), 0 deletions(-) create mode 100644 system/skeleton/etc/gshadow