Ubuntu
shadow package

newgrp broken

Bug #17310 reported by Mikel Ward on 2005-05-21

Affects		Status	Importance	Assigned to	Milestone
	shadow (Ubuntu)	Invalid	Medium	Martin Pitt

Bug Description

After adding myself to a group, my current environment still contains my old
group vector. The normal way to override this is to issue "newgrp <new group
name>", which sets the new group vector and spawns a shell.

On Debian Sarge, this works fine for me, but on Ubuntu Hoary, I am instead asked
for a password. Since the new group has no password, I type RETURN, but I get a
message saying "Sorry." and the group vector remains unchanged.

An strace shows that newgrp is trying to call setgroups(), but it fails with
EPERM. As far as I can tell, this should succeed since /usr/bin/newgrp is
setuid root.

Revision history for this message

Martin Pitt (pitti) wrote on 2005-06-28:

This works perfectly for me on Hoary and Breezy:

$ id
uid=1000(martin) gid=1000(martin)
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(lpadmin),108(scanner),109(admin),1000(martin)
$ newgrp games
[No password asked here!]
$ id
uid=1000(martin) gid=60(games)
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),60(games),107(lpadmin),108(scanner),109(admin),1000(martin)
$ exit
exit
$ id
uid=1000(martin) gid=1000(martin)
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(lpadmin),108(scanner),109(admin),1000(martin)

I am only asked for a password if I call newgrp without an argument, but that
happens on Sarge as well (which could still be considered a bug though). So what
is the difference between Sarge and Hoary you are aiming at?

Revision history for this message

Mikel Ward (mikelward) wrote on 2005-06-29:

I must have been editing /etc/shadow to add myself to the group, neglecting to
modify /etc/gshadow.
When using gpasswd to add myself to the group, which modifies both files, newgrp
<group> works as expected.