Thanks for looking into this. I can confirm that it works as expected after adding the upstream PAM file.
Can't say what would be the best approach here, but I agree that fixing the issue might bring with it security issues, particularly if the binary is also installed as setuid-root, which is, as far as I can tell, also required for full functionality.

The bug was already reported to Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004472

--
https://bugs.launchpad.net/bugs/2039541

Title:
  groupmems prompts for password when run as sudo/root

Status in shadow package in Ubuntu:
  New
Status in shadow package in Debian:
  Unknown

Bug description:
  When trying to clear users from a group using the groupmems command,
  the user is always prompted for the root's password, even when running
  as root or via sudo:

  (as root)
  # addgroup testgroup
  # groupmems -g testgroup -p
  Password:

  (via sudo)
  # sudo addgroup testgroup
  # sudo groupmems -g testgroup -p
  Password:

  I'm not sure if this is desired behavior, but I would expect this
  command to work without the root password.
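
Added example, not part of the original message or of the shadow package: a small audit for the two things the comment above weighs against each other, namely whether a tool has its own PAM service file that lets root through, and whether its binary is setuid. The function names, the /etc/pam.d default and the /usr/sbin/groupmems path are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the PAM service file state and setuid bit for a tool.
# The PAM directory is a parameter so the check can run against a test tree.

# pam_service_state SERVICE [PAMDIR] -> missing | rootok | no-rootok
pam_service_state() {
    file="${2:-/etc/pam.d}/$1"
    [ -f "$file" ] || { echo missing; return 0; }
    # Only an uncommented auth line that loads pam_rootok.so counts.
    if grep -Eq '^[[:space:]]*-?auth[[:space:]]+.*pam_rootok\.so' "$file"; then
        echo rootok
    else
        echo no-rootok
    fi
}

# setuid_state BINARY -> setuid | plain | absent
setuid_state() {
    [ -e "$1" ] || { echo absent; return 0; }
    if [ -u "$1" ]; then echo setuid; else echo plain; fi
}

# audit SERVICE BINARY [PAMDIR] -> one summary line combining both checks
audit() {
    p=$(pam_service_state "$1" "${3:-/etc/pam.d}")
    s=$(setuid_state "$2")
    case "$p/$s" in
        missing/*)     note="no service file; libpam falls back to the 'other' service" ;;
        rootok/setuid) note="real uid 0 passes auth; setuid binary, review who may run it" ;;
        rootok/*)      note="real uid 0 passes auth; binary is not setuid" ;;
        *)             note="service file present but no pam_rootok auth line" ;;
    esac
    echo "$1: pam=$p binary=$s ($note)"
}

# Assumed install path; adjust for the system being audited.
audit groupmems /usr/sbin/groupmems
```
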