From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:

I have played around with /etc/group and /etc/gshadow to elucidate the behaviour of the same.

First off, I noticed that group passwords are not handled properly by 'newgrp', but that is another story ;-) for which bugs 85280 and 14464 should be consulted. The links to these:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=14464
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=85280

Here's the 'new' problem: The group membership list in /etc/gshadow is not operational.

Try this:

Create a file that is only accessible by group 'foo'

----rw---- 1 nobody foo 18 May 30 19:33 /tmp/README

User dtonhofer is in group dtonhofer only.

That user cannot access the file, as expected.

Add user dtonhofer to the membership list of group foo in /etc/group, then log in as that user. (Access control is not dynamic, you have to create a new process? Well, that's correct, probably..)

User can access the file, as expected.

However, add user dtonhofer to the membership list of group foo in /etc/shadow, then log in as that user (I made sure the group password was empty, too):

User CANNOT access the file, but should be able to.

Now I know why the membership lists are in /etc/group instead of /etc/gshadow, as one would expect them to be. Hmmm.... gshadow seems to be the unloved relative. Is it actually ever used in the 'real world'?

How reproducible: Always

gshadow, afaik, is only ever used for group passwords. I'll have to check some more.
http://www.tldp.org/HOWTO/Shadow-Password-HOWTO-7.html has some information on gshadow. Just putting the user in /etc/group is what's needed.
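
Added example, not part of the original report or its comments: a small audit that compares the member lists of the two files and reports users who appear only in the gshadow list, which per the thread grants them no access. The sample file contents are constructed, the function names are hypothetical, and the four-field layouts noted in the comments are assumed.

```python
# Field layouts assumed: /etc/group is name:passwd:gid:members and
# /etc/gshadow is name:passwd:admins:members (members comma-separated).

# Constructed sample contents mirroring the scenario in the report.
SAMPLE_GROUP = """\
root:x:0:
dtonhofer:x:500:
foo:x:501:
bar:x:502:alice,dtonhofer
"""

SAMPLE_GSHADOW = """\
root:::
dtonhofer:!::
foo:::dtonhofer
bar:!:alice:alice
orphan:!::bob
"""


def parse_members(text):
    """Map group name -> set of members (fourth field) for one file."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")
        if fields == [""]:  # skip blank lines
            continue
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def gshadow_only_members(group_text, gshadow_text):
    """Return {group: sorted users} listed only in the gshadow member list."""
    # A group absent from the group file is reported with all of its
    # gshadow members, since no membership can come from the group file.
    group = parse_members(group_text)
    findings = {}
    for name, shadow_members in parse_members(gshadow_text).items():
        extra = shadow_members - group.get(name, set())
        if extra:
            findings[name] = sorted(extra)
    return findings


if __name__ == "__main__":
    for name, users in gshadow_only_members(SAMPLE_GROUP, SAMPLE_GSHADOW).items():
        print(f"{name}: listed only in gshadow: {', '.join(users)}")
```

On a live system the two strings would be replaced by the contents of /etc/group and /etc/gshadow, the latter normally readable only by root.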