[1/3] system/skeleton: add the shadow-group file

Submitted by Yann E. MORIN on Dec. 30, 2012, 11:26 p.m.

Details

Message ID 3633f72d3f35d4413bec319971b1a8d26c2fbaeb.1356909238.git.yann.morin.1998@free.fr
State Rejected
Headers show

Commit Message

Yann E. MORIN Dec. 30, 2012, 11:26 p.m.
/etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 system/skeleton/etc/gshadow |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)
 create mode 100644 system/skeleton/etc/gshadow

Comments

Thomas Petazzoni Dec. 31, 2012, 5:18 p.m.
Dear Yann E. MORIN,

On Mon, 31 Dec 2012 00:26:02 +0100, Yann E. MORIN wrote:
> /etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.

Could you give some more details? I understand /etc/shadow as opposed
to /etc/passwd, but I don't see the point of /etc/gshadow since groups
don't have passwords.

Thomas
Yann E. MORIN Dec. 31, 2012, 6:18 p.m.
Thomas, All,

On Monday 31 December 2012 Thomas Petazzoni wrote:
> On Mon, 31 Dec 2012 00:26:02 +0100, Yann E. MORIN wrote:
> > /etc/gshadow is to /etc/group what /etc/shadow is to /etc/passwd.
> 
> Could you give some more details? I understand /etc/shadow as opposed
> to /etc/passwd, but I don't see the point of /etc/gshadow since groups
> don't have passwords.

Wrong. Groups can have passwords. And users can change-group with:

    $ newgrp [-] groupname

If the user is a member of that group, or the group is paswrod-less, then
no password is asked for, and the current group-id has changed (it is a bit
like 'su', but to just change group)

If the user is not a member that group, and the group is not restricted (eg.
password is not '*' and does not start with '!', then the user is asked to
enter the group password.

See:
    group(5) gshadow(5) newgrp(1)

I hope that was enough to explain addition of gshadow. ;-)

Happy New Year!

Regards,
Yann E. MORIN.
Thomas Petazzoni Jan. 1, 2013, 9:26 a.m.
Dear Yann E. MORIN,

Happy New Year!

On Mon, 31 Dec 2012 19:18:08 +0100, Yann E. MORIN wrote:

> Wrong. Groups can have passwords. And users can change-group with:
> 
>     $ newgrp [-] groupname
> 
> If the user is a member of that group, or the group is paswrod-less, then
> no password is asked for, and the current group-id has changed (it is a bit
> like 'su', but to just change group)
> 
> If the user is not a member that group, and the group is not restricted (eg.
> password is not '*' and does not start with '!', then the user is asked to
> enter the group password.
> 
> See:
>     group(5) gshadow(5) newgrp(1)
> 
> I hope that was enough to explain addition of gshadow. ;-)

Interesting, I didn't know about this.

The next question that comes up is: do we really need to support this
in Buildroot?

Thomas
Yann E. MORIN Jan. 1, 2013, 3:36 p.m.
Thomas, All,

On Tuesday 01 January 2013 Thomas Petazzoni wrote:
> On Mon, 31 Dec 2012 19:18:08 +0100, Yann E. MORIN wrote:
> > Wrong. Groups can have passwords. And users can change-group with:
[--SNIP--]
> The next question that comes up is: do we really need to support this
> in Buildroot?

Well, I interpreted the abscence of that file as an oversight, that's why
I thought of adding it.

Right, we probably do not need the change-group feature in buildroot.
However, for the sake of consistency, I think it is good to have gshadow.

But I can very well live without it, sure.

Anyway... Happy New Year to all! :-)

Regards,
Yann E. MORIN.
Peter Korsgaard Jan. 1, 2013, 9:08 p.m.
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

Hi,

 >> The next question that comes up is: do we really need to support this
 >> in Buildroot?

 Yann> Well, I interpreted the abscence of that file as an oversight,
 Yann> that's why I thought of adding it.

 Yann> Right, we probably do not need the change-group feature in
 Yann> buildroot.  However, for the sake of consistency, I think it is
 Yann> good to have gshadow.

 Yann> But I can very well live without it, sure.

Well, the fact that nobody has ever asked for it in the 11 years
buildroot has existed and that Thomas (and me) didn't know about the
file, makes me think that perhaps it isn't too important to support it
in the default skeleton (you can certainly manually add it).

 Yann> Anyway... Happy New Year to all! :-)

Thanks, same to you!

Patch hide | download patch | download mbox

diff --git a/system/skeleton/etc/gshadow b/system/skeleton/etc/gshadow
new file mode 100644
index 0000000..0af6dad
--- /dev/null
+++ b/system/skeleton/etc/gshadow
@@ -0,0 +1,21 @@ 
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+wheel:*::
+audio:*::
+www-data:*::
+utmp:*::
+staff:*::
+lock:*::
+haldaemon:*::
+dbus:*::
+netdev:*::
+ftp:*::
+nobody:*::
+nogroup:*::
+users:*::
+default:*::