[nycbug-talk] Group Password Support

Mark Saad mark.saad at ymail.com
Tue May 8 10:11:41 EDT 2012

On Mon, May 7, 2012 at 5:06 PM, Jesse Callaway <bonsaime at gmail.com> wrote:
> I'd like to hear more on this too. I just set up my first
> objectClass=posixgroup in OpenLDAP this morning.
> The password attribute is an optional attribute in the directory server
> schema I'm using, and I have elected to leave it out entirely.
> I just have the group name and the gidNumber attributes.
> On May 7, 2012 2:16 PM, "Mark Saad" <mark.saad at ymail.com> wrote:
>> All
>>  I have no need for this, but I was wondering if any of the BSDs
>> supported group passwords. I ran into a typo in a group file and
>> someone had the GID in the password field.
>> The FreeBSD man page for group states: "The passwd field is an optional
>> encrypted password.  This field is rarely used and an asterisk is
>> normally placed in it rather than leaving it blank."
>> So the two obvious questions are how would I set a group password, and
>> how would one use it?
>> --
>> Mark Saad | mark.saad at ymail.com

OK, PR submitted. Now the other issue is, I can't actually make it work.

Here is what I did. I want to send this as another PR, but before I do
that I want to make sure that I am actually doing this correctly.

root at blindness:~# pw groupadd testgroup
root at blindness:~# pw group mod testgroup -h 0
New password for group testgroup:   blahblahblah
root at blindness:~# exit
msaad at blindness:~% newgrp testgroup
newgrp: setgid: Operation not permitted
msaad at blindness:~%

Looking at a truss of the newgrp command shows the following:

open("/etc/auth.conf",O_RDONLY,0141)             = 3 (0x3)
read(3,"#\n# $FreeBSD: src/etc/auth.conf"...,4096) = 237 (0xed)
read(3,0x7fffffffc670,4096)                      = 0 (0x0)
close(3)                                         = 0 (0x0)
__sysctl(0x7fffffffd950,0x2,0x7fffffffd96c,0x7fffffffd960,0x0,0x0) = 0 (0x0)
getgroups(0x400,0x801041000,0x801000658,0x42,0x601f48,0xffffffff) = 3 (0x3)
seteuid(0x3ea,0x801041008,0x3,0x3,0x601f48,0xffffffff) = 0 (0x0)
setgid(0x3eb,0x801041008,0x3,0x3,0x601f48,0xffffffff) ERR#1 'Operation not permitted'
getuid()                                         = 1002 (0x3ea)
seteuid(0x3ea,0x801041008,0xffffffffffffffff,0x1,0x601f48,0xffffffff) = 0 (0x0)
write(2,"newgrp: ",8)                            = 8 (0x8)
write(2,"setgid",6)                              = 6 (0x6)
write(2,": ",2)                                  = 2 (0x2)
stat("/usr/share/nls/C/libc.cat",0x7fffffffd330) ERR#2 'No such file or directory'
stat("/usr/share/nls/libc/C",0x7fffffffd330)     ERR#2 'No such file or directory'
stat("/usr/local/share/nls/C/libc.cat",0x7fffffffd330) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/libc/C",0x7fffffffd330) ERR#2 'No such file or directory'
write(2,"Operation not permitted\n",24)          = 24 (0x18)
seteuid(0x3ea,0x7fffffffd210,0x0,0x18,0x7ff7ff2af0d6,0xffffffff) = 0 (0x0)
getuid()                                         = 1002 (0x3ea)
setuid(0x3ea,0x7fffffffd210,0x0,0x18,0x7ff7ff2af0d6,0xffffffff) = 0 (0x0)
execve("/bin/csh",<missing argument>,<missing argument>) = 0 (0x0)

This leads me to believe that I need to set up some additional system
to make this work. Any ideas?
The man page for auth.conf is not helpful here.

Mark Saad | mark.saad at ymail.com
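
The thread began with a group file that had the GID typed into the password field. The following is an added example, not part of the original message: a shell audit of a group(5)-format file that reports every entry whose passwd field is not the customary asterisk. The function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# audit_group: read group(5) entries (name:passwd:gid:members) on stdin and
# print "name<TAB>finding" for each entry whose passwd field is not "*".
audit_group() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        NF != 4 { printf "%s\tmalformed (%d fields)\n", $1, NF; next }
        $2 == "*"  { next }             # customary value: no group password
        $2 == ""   { printf "%s\tempty-passwd\n", $1; next }
        $2 == $3   { printf "%s\tgid-in-passwd\n", $1; next }  # the typo from the thread
        $2 ~ /^[0-9]+$/ { printf "%s\tnumeric-passwd\n", $1; next }
        { printf "%s\tpassword-set\n", $1 }   # anything else: a password string
    '
}

# Constructed sample entries; the password string is a placeholder, not a real hash.
sample_group() {
    cat <<'EOF'
# constructed sample, not a real /etc/group
wheel:*:0:root
staff:20:20:msaad
ops::1005:
testgroup:$2b$04$CONSTRUCTEDPLACEHOLDER:1003:
broken:*:1006
EOF
}

# Demo run on the sample; on a real system use: audit_group < /etc/group
sample_group | audit_group
```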
