From d5c6257ac25c322ddb9df17b07e2f9bc2412e4fc Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sun, 27 Jul 2008 02:33:37 +0000 Subject: [PATCH] * NEWS, src/groupmems.c: Allow everybody to list the users of a group. This information is publicly available in /etc/group. * NEWS, src/groupmems.c: Open /etc/group read only for the -l option. --- ChangeLog | 6 ++++++ NEWS | 3 +++ src/groupmems.c | 33 ++++++++++++++++----------------- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 04bdeece..e1ae8050 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2008-07-27 Nicolas François + + * NEWS, src/groupmems.c: Allow everybody to list the users of a group. + This information is publicly available in /etc/group. + * NEWS, src/groupmems.c: Open /etc/group read only for the -l option. + 2008-07-27 Nicolas François * man/groupmems.8.xml: Sort options alphabetically. diff --git a/NEWS b/NEWS index a5d06182..18d466ab 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,9 @@ shadow-4.1.2.1 -> shadow-4.1.3 UNRELEASED - groupmems * Check if user exist before they are added to groups. * Avoid segfault in case the specified group does not exist in /etc/group. + * Everybody is allowed to list the users of a group. + * /etc/group is open readonly when one just wants to list the users of a + group. shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008 diff --git a/src/groupmems.c b/src/groupmems.c index 43c7393f..05e15be1 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -214,7 +214,7 @@ static void fail_exit (int code) exit (code); } -int main (int argc, char **argv) +void main (int argc, char **argv) { char *name; struct group *grp; @@ -232,27 +232,30 @@ int main (int argc, char **argv) if (NULL == thisgroup) { name = whoami (); - if (NULL == name) { + if (!list && (NULL == name)) { fprintf (stderr, _("%s: your groupname does not match your username\n"), Prog); fail_exit (EXIT_NOT_PRIMARY); } } else { name = thisgroup; - if (!isroot ()) { + if (!list && !isroot ()) { fprintf (stderr, _("%s: only root can use the -g/--group option\n"), Prog); fail_exit (EXIT_NOT_ROOT); } } - check_perms (); + if (!list) { + check_perms (); - if (!gr_lock ()) { - fprintf (stderr, _("%s: unable to lock group file\n"), Prog); - fail_exit (EXIT_GROUP_FILE); + if (!gr_lock ()) { + fprintf (stderr, + _("%s: unable to lock group file\n"), Prog); + fail_exit (EXIT_GROUP_FILE); + } + group_locked = true; } - group_locked = true; - if (!gr_open (O_RDWR)) { + if (!gr_open (list ? O_RDONLY : O_RDWR)) { fprintf (stderr, _("%s: unable to open group file\n"), Prog); fail_exit (EXIT_GROUP_FILE); } @@ -265,7 +268,9 @@ int main (int argc, char **argv) fail_exit (EXIT_INVALID_GROUP); } - if (NULL != adduser) { + if (list) { + members (grp->gr_mem); + } else if (NULL != adduser) { if (is_on_list (grp->gr_mem, adduser)) { fprintf (stderr, _("%s: user `%s' is already a member of `%s'\n"), @@ -286,8 +291,6 @@ int main (int argc, char **argv) } else if (purge) { grp->gr_mem[0] = NULL; gr_update (grp); - } else if (list) { - members (grp->gr_mem); } if (!gr_close ()) { @@ -295,10 +298,6 @@ int main (int argc, char **argv) fail_exit (EXIT_GROUP_FILE); } - if (gr_unlock () == 0) { - fprintf (stderr, _("%s: unable to unlock group file\n"), Prog); - } - - exit (EXIT_SUCCESS); + fail_exit (EXIT_SUCCESS); }