Bug 85280 - Group passwords are not working with newgrp command
Summary: Group passwords are not working with newgrp command
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: util-linux
Version: 8.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Elliot Lee
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2003-02-27 12:56 UTC by Manfred Pamsl
Modified: 2007-04-18 16:51 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-08-20 17:36:57 UTC

Attachments (Terms of Use)

Description Manfred Pamsl 2003-02-27 12:56:00 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212

Description of problem:
Changing the primary group to a group with group password as a user, who  is not
a member of this group will fail even when suppling the correct password to newgrp. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.create a group: groupadd anygroup
2.set a group password: gpasswd anygroup
3.try to change your primary group to anygroup as a normal user:
newgrp anygroup

Additional info:

The newgrp command does not compare the user's input with the real group
password in /etc/gshadow, but with the password field in /etc/group, which
usually has only a value of 'x'.
The newgrp binary from the latest SUSE distribution works correctly on Redhat 8.0.

Comment 1 Jose Arthur Benetasso Villanova 2003-07-02 20:01:08 UTC
Same problem in 7.3 and 9.0

Comment 2 Elliot Lee 2003-07-08 20:06:13 UTC
Want Nalin's thoughts on how this should work with PAM/pwdb/whatever.

Comment 3 David Tonhofer 2004-05-30 19:15:28 UTC
Actually this is a duplicate/related to bug 


which was about RedHat 6.2.

The same problem exists in Fedora Core 2.0

Comment 4 Elliot Lee 2004-08-20 17:36:57 UTC
Ahh, thanks for pointing the other bug out.

Sorry for the delay - there's no reason an answer shouldn't have been
given a long time ago. The situation remains pretty much the same as
in  #14464 - the changes required to the system are pretty involved
(getting the concept of group passwords into PAM, changing newgrp and
gshadow to follow), but I can't personally justify spending the time
on this, and I hate to leave the bug report open if I know I'm not
planning on doing anything about it. If you'd prefer to have the bug
left open as a way to register your interest in the change, please reopen.

Maybe there are upstream maintainers that are interested in taking on
the task. Or someone out there...? :)

Note You need to log in before you can comment on or make changes to this bug.