'pw usermod -G' not removing user from group?

Matthew Pherigo hybrid120 at gmail.com
Wed Mar 25 21:19:02 UTC 2015

Thanks, Rick! It's crazy that they didn't allow it in; seems like a pretty
big issue. Hopefully they'll release a patch through FreeBSD-update
soon. In the meantime, do you or anyone else know how to work around this?


On Mar 25, 2015, at 1:09 PM, Rick Miller <vmiller at hostileadmin.com> wrote:

On Wed, Mar 25, 2015 at 11:49 AM, Matthew Pherigo <hybrid120 at gmail.com>

> Hi all,
> The manpage for pw(8) says this about the -G flag:
> > The user's name is added to the group lists in /etc/group, and removed
> from any groups not specified in grouplist.
> However, when using this option on 10.1, pw decides to get creative:
> > $ sudo id -a test
> > uid=1003(test) gid=1003(test) groups=1003(test),0(wheel),69(network)
> > $ sudo pw usermod test -G network
> > $ sudo id -a test
> > uid=1003(test) gid=1003(test) groups=1003(test),0(wheel),69(network)
> This isn't the end of the creative liberties, though. When checking
> /etc/group, we find:
> > network:*:69:test,test
> pw(8) has added the 'test' user to the network group *twice*. In fact,
> when I was checking the /etc/group file, I found this little gem:
> > wheel:*:0:root,ansible,matt,matt,matt,test
> That trio of matts is the result of configuration management systems
> tripping over this strange behavior.
> Was this introduced in a recent patch? I can't imagine this has been
> around for long. Hopefully it's just a doc error!

This PR[1] describes the problem.  It includes a patch, which apparently
didn't make it into 10.1 by the looks of it probably due to a code freeze
in preparation for release.

[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187189

Take care
Rick Miller

More information about the freebsd-questions mailing list