svn commit: r253205 - stable/9/usr.bin/newgrp

[Dag-Erling Smørgrav]

Author: des
Date: Thu Jul 11 12:47:06 2013
New Revision: 253205
URL: http://svnweb.freebsd.org/changeset/base/253205

Log:
  MFH (r246553): document and explain need for setuid bit.
  
  PR:		docs/167741

Modified:
  stable/9/usr.bin/newgrp/newgrp.1
  stable/9/usr.bin/newgrp/newgrp.c
Directory Properties:
  stable/9/usr.bin/newgrp/   (props changed)

Modified: stable/9/usr.bin/newgrp/newgrp.1
==============================================================================
--- stable/9/usr.bin/newgrp/newgrp.1	Thu Jul 11 12:46:35 2013	(r253204)
+++ stable/9/usr.bin/newgrp/newgrp.1	Thu Jul 11 12:47:06 2013	(r253205)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 23, 2002
+.Dd February 8, 2013
 .Dt NEWGRP 1
 .Os
 .Sh NAME
@@ -90,6 +90,15 @@ A
 utility appeared in
 .At v6 .
 .Sh BUGS
+For security reasons, the
+.Nm
+utility is normally installed without the setuid bit.
+To enable it, run the following command:
+.Bd -literal -offset indent
+chmod u+s /usr/bin/newgrp
+.Ed
+.Pp
 Group passwords are inherently insecure as there is no way to stop
-users obtaining the crypted passwords from the group database.
+users obtaining the password hash from the group database.
 Their use is discouraged.
+Instead, users should simply be added to the necessary groups.

Modified: stable/9/usr.bin/newgrp/newgrp.c
==============================================================================
--- stable/9/usr.bin/newgrp/newgrp.c	Thu Jul 11 12:46:35 2013	(r253204)
+++ stable/9/usr.bin/newgrp/newgrp.c	Thu Jul 11 12:47:06 2013	(r253205)
@@ -73,7 +73,8 @@ main(int argc, char *argv[])
 {
 	int ch, login;
 
-	euid = geteuid();
+	if ((euid = geteuid()) != 0)
+		warnx("need root permissions to function properly, check setuid bit");
 	if (seteuid(getuid()) < 0)
 		err(1, "seteuid");