On Tue, 31 Jul 2001, Terry Lambert wrote:
> The reason for this is that the pam code for doing the enforcement
> is being trusted utterly. In the past, we would consider both
> the primary group (the group from the passwd file entry), and the
> auxillary groups (the groups from the groups file entries, if any),
> as synonymous. With the pam code being used, we no longer consider
> the primary group to be on the same par as the groups file entries.
I can pin this down at r1.26 of su.c
(Mon May 25 03:34:52 1998 UTC (3 years, 2 months ago) by steve)
Prior to this date only appearance in /etc/group was considered.
The change occurred in response to PR bin/6696
Like terry, I prefer the semantics whereby the users primary
group is considered. Three years of precedent should be sufficient
to have this change to pam_wheel.c, I hope, before PAM use in su
is MFC'd.
I have just entered a PR on this.
cc'd to: markm
Joshua
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
