* Fix typo in comment.
* Move comment regarding FIRST_MEMBER_IS_ADMIN to where it belongs. * Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN section.
This commit is contained in:
parent
4160d8c1fb
commit
db479122f3
@ -1,3 +1,11 @@
|
|||||||
|
2008-02-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* src/gpasswd.c: Fix typo in comment.
|
||||||
|
* src/gpasswd.c: Move comment regarding FIRST_MEMBER_IS_ADMIN to
|
||||||
|
where it belongs.
|
||||||
|
* src/gpasswd.c: Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN
|
||||||
|
section.
|
||||||
|
|
||||||
2008-02-25 Nicolas François <nicolas.francois@centraliens.net>
|
2008-02-25 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* man/po/Makefile.in.in: Use --previous when merging PO files of
|
* man/po/Makefile.in.in: Use --previous when merging PO files of
|
||||||
|
@ -423,12 +423,17 @@ static void check_perms (const struct group *gr)
|
|||||||
|
|
||||||
#ifdef FIRST_MEMBER_IS_ADMIN
|
#ifdef FIRST_MEMBER_IS_ADMIN
|
||||||
/*
|
/*
|
||||||
* The policy here for changing a group is that 1) you must bes root
|
* The policy here for changing a group is that 1) you must be root
|
||||||
* or 2) you must be the first listed member of the group. The
|
* or 2) you must be the first listed member of the group. The
|
||||||
* first listed member of a group can do anything to that group that
|
* first listed member of a group can do anything to that group that
|
||||||
* the root user can. The rationale for this hack is that the FIRST
|
* the root user can. The rationale for this hack is that the FIRST
|
||||||
* user is probably the most important user in this entire group.
|
* user is probably the most important user in this entire group.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* This feature enabled by default could be a security problem when
|
||||||
|
* installed on existing systems where the first group member might
|
||||||
|
* be just a normal user. --marekm
|
||||||
|
*/
|
||||||
if (!amroot) {
|
if (!amroot) {
|
||||||
if (gr->gr_mem[0] == (char *) 0) {
|
if (gr->gr_mem[0] == (char *) 0) {
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -446,12 +451,7 @@ static void check_perms (const struct group *gr)
|
|||||||
failure ();
|
failure ();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else /* ! FIRST_MEMBER_IS_ADMIN */
|
||||||
/*
|
|
||||||
* This feature enabled by default could be a security problem when
|
|
||||||
* installed on existing systems where the first group member might
|
|
||||||
* be just a normal user. --marekm
|
|
||||||
*/
|
|
||||||
if (!amroot) {
|
if (!amroot) {
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
Loading…
Reference in New Issue
Block a user