On Mon, Mar 18, 2013 at 3:42 PM, Karel Zak <kzak@xxxxxxxxxx> wrote: > Do we really need passwords for groups [newgrp(1) and /etc/gshadow]? > Seems like a nice over-engineering. > > By the way, I have fixed newgrp(1) in util-linux and shadow-utils 5 > years ago. The password verification was pretty useless for years... > > IMHO it would be better to mark whole /etc/gshadow as deprecated and > reuse "su --group <group> [--supp-group <group> ...]" code to switch > between groups, then we don't have to maintain separate newgrp code. > > Note that newgrp(1) is available in shadow-utils and util-linux, sg(1) > is alias in shadow-utils. We have been successful with login(1), now > I'd like to consolidate newgrp(1) :-) > > Comments? Usefulness of gshadow was discussed earlier[1]. I have not heard anyone using gshadow. Neither Open Group or Linux Standard Base recognize gshadow file, so keeping it a live seems to be voluntary. There is also quite long history with confusion how the gshadow should work[2]. So maybe it is time to get rid of this legacy experiment. Maybe it is worthwhile to mention that Open Group defines newgrp[3] command, so one of the projects should probably deliver it. The shadow-utils version seems to be more complete (it has built in syslog for example), so perhaps it should be the chosen one. Having 'su --group', or similar, as newgrp alternative sounds fair. [1] https://groups.google.com/d/msg/fa.linux.kernel/Zg987XcLy2U/wlV3Z9h66d0J [2] https://groups.google.com/forum/#!search/gshadow/comp.os.linux.admin/QptNuTMTMio/lDoeuy7KwOkJ [3] http://pubs.opengroup.org/onlinepubs/000095399/utilities/newgrp.html -- Sami Kerola http://www.iki.fi/kerolasa/ -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
