Patchwork [1/3] system/skeleton: add the shadow-group file

login
register
mail settings
Submitter Yann E. MORIN
Date Dec. 30, 2012, 11:26 p.m.
Message ID <3633f72d3f35d4413bec319971b1a8d26c2fbaeb.1356909238.git.yann.morin.1998@free.fr>
Download mbox | patch
Permalink /patch/208813/
State Rejected
Headers show

Comments

Yann E. MORIN - Dec. 30, 2012, 11:26 p.m.
/etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 system/skeleton/etc/gshadow |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)
 create mode 100644 system/skeleton/etc/gshadow
Thomas Petazzoni - Dec. 31, 2012, 5:18 p.m.
Dear Yann E. MORIN,

On Mon, 31 Dec 2012 00:26:02 +0100, Yann E. MORIN wrote:
> /etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.

Could you give some more details? I understand /etc/shadow as opposed
to /etc/passwd, but I don't see the point of /etc/gshadow since groups
don't have passwords.

Thomas
Yann E. MORIN - Dec. 31, 2012, 6:18 p.m.
Thomas, All,

On Monday 31 December 2012 Thomas Petazzoni wrote:
> On Mon, 31 Dec 2012 00:26:02 +0100, Yann E. MORIN wrote:
> > /etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.
> 
> Could you give some more details? I understand /etc/shadow as opposed
> to /etc/passwd, but I don't see the point of /etc/gshadow since groups
> don't have passwords.

Wrong. Groups can have passwords. And users can change-group with:

    $ newgrp [-] groupname

If the user is a member of that group, or the group is paswrod-less, then
no password is asked for, and the current group-id has changed (it is a bit
like 'su', but to just change group)

If the user is not a member that group, and the group is not restricted (eg.
password is not '*' and does not start with '!', then the user is asked to
enter the group password.

See:
    group(5) gshadow(5) newgrp(1)

I hope that was enough to explain addition of gshadow. ;-)

Happy New Year!

Regards,
Yann E. MORIN.
Thomas Petazzoni - Jan. 1, 2013, 9:26 a.m.
Dear Yann E. MORIN,

Happy New Year!

On Mon, 31 Dec 2012 19:18:08 +0100, Yann E. MORIN wrote:

> Wrong. Groups can have passwords. And users can change-group with:
> 
>     $ newgrp [-] groupname
> 
> If the user is a member of that group, or the group is paswrod-less, then
> no password is asked for, and the current group-id has changed (it is a bit
> like 'su', but to just change group)
> 
> If the user is not a member that group, and the group is not restricted (eg.
> password is not '*' and does not start with '!', then the user is asked to
> enter the group password.
> 
> See:
>     group(5) gshadow(5) newgrp(1)
> 
> I hope that was enough to explain addition of gshadow. ;-)

Interesting, I didn't know about this.

The next question that comes up is: do we really need to support this
in Buildroot?

Thomas
Yann E. MORIN - Jan. 1, 2013, 3:36 p.m.
Thomas, All,

On Tuesday 01 January 2013 Thomas Petazzoni wrote:
> On Mon, 31 Dec 2012 19:18:08 +0100, Yann E. MORIN wrote:
> > Wrong. Groups can have passwords. And users can change-group with:
[--SNIP--]
> The next question that comes up is: do we really need to support this
> in Buildroot?

Well, I interpreted the abscence of that file as an oversight, that's why
I thought of adding it.

Right, we probably do not need the change-group feature in buildroot.
However, for the sake of consistency, I think it is good to have gshadow.

But I can very well live without it, sure.

Anyway... Happy New Year to all! :-)

Regards,
Yann E. MORIN.
Peter Korsgaard - Jan. 1, 2013, 9:08 p.m.
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

Hi,

 >> The next question that comes up is: do we really need to support this
 >> in Buildroot?

 Yann> Well, I interpreted the abscence of that file as an oversight,
 Yann> that's why I thought of adding it.

 Yann> Right, we probably do not need the change-group feature in
 Yann> buildroot.  However, for the sake of consistency, I think it is
 Yann> good to have gshadow.

 Yann> But I can very well live without it, sure.

Well, the fact that nobody has ever asked for it in the 11 years
buildroot has existed and that Thomas (and me) didn't know about the
file, makes me think that perhaps it isn't too important to support it
in the default skeleton (you can certainly manually add it).

 Yann> Anyway... Happy New Year to all! :-)

Thanks, same to you!

Patch

diff --git a/system/skeleton/etc/gshadow b/system/skeleton/etc/gshadow
new file mode 100644
index 0000000..0af6dad
--- /dev/null
+++ b/system/skeleton/etc/gshadow
@@ -0,0 +1,21 @@ 
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+wheel:*::
+audio:*::
+www-data:*::
+utmp:*::
+staff:*::
+lock:*::
+haldaemon:*::
+dbus:*::
+netdev:*::
+ftp:*::
+nobody:*::
+nogroup:*::
+users:*::
+default:*::