groupmems prompts for password when run as sudo/root
Bug #2039541 reported by Miha Purg
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| shadow (Debian) | New | Unknown | | |
| shadow (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
When trying to clear users from a group using the groupmems command, the user is always prompted for the root's password, even when running as root or via sudo:
(as root)
# addgroup testgroup
# groupmems -g testgroup -p
Password:
(via sudo)
# sudo addgroup testgroup
# sudo groupmems -g testgroup -p
Password:
I'm not sure if this is desired behavior, but I would expect this command to work without the root password.
Changed in shadow (Debian): status: Unknown → New
Nice find.
My guess is that the Debian maintainer forgot to include the pam.d configuration file supplied by upstream when this new tool was included:
- https://github.com/shadow-maint/shadow/blob/master/etc/pam.d/groupmems
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663117
We could decide either to:
- support the tool properly and include the pam.d file
- drop the tool entirely because we've made it this far without anyone noticing, and we made it several decades before someone wrote the tool in the first place
- ignore it entirely because it doesn't seem to be hurting anything as it is
Properly including the tool might bring with it any security problems that it might have. Leaving it alone probably doesn't bring security problems.
In any event we should also file a bug with Debian so they can make a decision, too.
Thanks
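A way to check the guess made in the comment above, as an added example that is not part of the bug report or the shadow project's code: it reports whether a PAM service file exists for a tool such as groupmems and whether its auth stack names `pam_rootok.so`. It assumes Linux-PAM's fallback to the `other` service when no per-service file exists and treats a `pam_rootok.so` auth line as the signal that root is not prompted; the function names and status strings are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report). Names and status strings are hypothetical.
# Classifies how Linux-PAM will resolve a service such as "groupmems".
# Assumption: an auth line naming pam_rootok.so is what lets uid 0 skip the prompt.
# Limitation: "include", "@include" and "substack" lines are not followed.

# pam_service_status DIR SERVICE -> prints one status word
pam_service_status() {
    dir=$1
    svc=$2
    if [ ! -f "$dir/$svc" ]; then
        # No per-service file: Linux-PAM falls back to the "other" service.
        if [ -f "$dir/other" ]; then
            echo "missing-fallback-other"
        else
            echo "missing-no-fallback"
        fi
        return 0
    fi
    # Drop comments, then look for pam_rootok.so on an auth (or "-auth") line.
    if sed 's/#.*//' "$dir/$svc" |
        awk '$1 ~ /^-?auth$/ && /pam_rootok\.so/ { found = 1 } END { exit !found }'
    then
        echo "rootok"
    else
        echo "no-rootok"
    fi
}

# Offline run on a constructed tree: first without, then with a groupmems file.
demo() {
    tmp=$(mktemp -d)
    printf 'auth required pam_unix.so\n' > "$tmp/other"          # constructed
    before=$(pam_service_status "$tmp" groupmems)
    printf 'auth sufficient pam_rootok.so\n' > "$tmp/groupmems"  # constructed
    after=$(pam_service_status "$tmp" groupmems)
    rm -rf "$tmp"
    echo "$before -> $after"
}

# Usage: PAM_DIR=/etc/pam.d sh check.sh groupmems [service ...]; no arguments runs the demo.
if [ "$#" -eq 0 ]; then
    demo
else
    for name in "$@"; do
        printf '%s: %s\n' "$name" "$(pam_service_status "${PAM_DIR:-/etc/pam.d}" "$name")"
    done
fi
```

A result of `missing-fallback-other` for `groupmems` on a live system matches the behaviour reported here: the tool is authenticated through whatever the `other` stack requires.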