If I remember correctly, groups (except "usergroups") are not managed by systemd-homed; they're still managed by shadow via /etc/group. So an admin can just add any username to /etc/group using `vigr`, regardless of that user's origin.
(Even if groups *were* managed by systemd-homed, I think the default setup of /etc/nsswitch.conf is that group memberships from all sources are merged?)
On Fri, Jan 20, 2023 at 4:42 PM eric <eric@xxxxxxxxxxxxx> wrote:
Hey everyone on systemd-devel
Is there somehow a method to change group membership without having the
user's password ?
Usually its an admin task to maintain group membership and she has no
user passwords.
But when its the users task to join a group, the user needs the admin
password, this is also a bad situation.
Is it possible to add more than one password ?
/eric
--
Mantas Mikulėnas
