bin/185666: Regression for 'pw usermod <user> -G <grouplist>'

Jason Edwards sub.mesa at gmail.com
Sat Jan 11 20:00:01 UTC 2014 

>Number:         185666
>Category:       bin
>Synopsis:       Regression for 'pw usermod <user> -G <grouplist>'
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 11 20:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Jason Edwards
>Release:        10.0-RC3
>Organization:
ZFSguru
>Environment:
FreeBSD zfsguru.bsd 10.0-RC3 FreeBSD 10.0-RC3 #0: Tue Dec 24 02:57:59 UTC 2013     jason at zfsguru:/usr/obj/tmpfs/2-source/sys/OFED-POLLING-ALTQ  amd64
>Description:
The pw(8) manpage states:

     -G grouplist  Set additional group memberships for an account.  grouplist
                   is a comma, space or tab-separated list of group names or
                   group numbers.  The user's name is added to the group lists
                   in /etc/group, and removed from any groups not specified in
                   grouplist.

This works as expected on FreeBSD 9.2-RELEASE where the user is removed from any groups not specified explicitly in the -G grouplist. However, on 10.0-RC1 and 10.0-RC3, I can reproduce 100% a regression where the username is *NOT* removed from the 'old group'. It is only added to the new group.
>How-To-Repeat:
It works as expected on 9.2:

pw useradd testuser
pw groupadd testgroup
pw groupadd testgroup2
pw usermod testuser -G testgroup

# /etc/group section before:
# testuser:*:1001:
# testgroup:*:1002:testuser
# testgroup2:*:1003:

pw usermod testuser -G testgroup2

# /etc/group section after:
# testuser:*:1001:
# testgroup:*:1002:
# testgroup2:*:1003:testuser

However, on 10.0-RC1 and 10.0-RC3 amd64 the behavior is very different; it does not remove the 'old group':

pw useradd testuser
pw groupadd testgroup
pw groupadd testgroup2
pw usermod testuser -G testgroup

# /etc/group section before:
# testuser:*:1004:
# testgroup:*:1005:testuser
# testgroup2:*:1006:

pw usermod testuser -G testgroup2

# /etc/group section after:
# testuser:*:1004:
# testgroup:*:1005:testuser
# testgroup2:*:1006:testuser
>Fix:
Workaround is to use 'groupmod' instead, to achieve a rough equivalent:

# remove <username> from the group <oldgroup>
pw groupmod <oldgroup> -d <username>
# add <username> to the group <newgroup>
pw groupmod <newgroup> -m <username>

Of course, the usermod -G command is superior, because it removes the user from all groups not specified explicitly.

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list