From: <bu...@pr...> - 2001-02-01 00:25:24
http://bugs.proftpd.net/show_bug.cgi?id=450 *** shadow/450 Tue Jan 30 18:50:59 2001 --- shadow/450.tmp.1133 Tue Jan 30 18:50:59 2001 *************** *** 0 **** --- 1,51 ---- + +============================================================================+ + | group member list ignored with AuthGroupFile | + +----------------------------------------------------------------------------+ + | Bug #: 450 Product: ProFTPD | + | Status: NEW Version: 1.2.0rc2 | + | Resolution: Platform: Sun | + | Severity: major OS/Version: Solaris | + | Priority: P2 Component: mod_auth | + +----------------------------------------------------------------------------+ + | Assigned To: pro...@pr... | + | Reported By: ben...@td... | + | CC list: Cc: | + +----------------------------------------------------------------------------+ + | URL: | + +============================================================================+ + | DESCRIPTION | + I'm using AuthUserFile and AuthGroupFile in a virtual host. The AuthUserFile + directive works as expected. The AuthGroupFile directive is partially broken. + + When creating or deleting files in a group-writable directory, only those + users with a primary group matching the group ownership of the directory can + create or delete files there. Users in the group membership list are ignored. + + For example, I have the following enties in my proftpd.group file (pointed to + by the AuthGroupFile directive): + + remedy:*:150:testuser + testgrp:*:2323: + + The entry for testuser in the proftpd.passwd file (pointed to by the + AuthUserFile directive) looks like this: + + testuser:JZicpu1V/iZgY:2323:2323:Test Account:/appl/ftp/users:/bin/ksh + + So the primary group for "testuser" is 2323 (testgrp) and this user is also part + of the "remedy" group because it's listed in the member list of that group. 
+ + So, if I have a directory like this: + + drwxrwsr-x 2 root remedy 4096 Jan 30 15:13 remedy + + The testuser should be able to create and delete files within it. But for some + reason when I try to do this I get "Permission denied." + + Something interesting to note: If I create the same group in /etc/group or the + NIS group file, the member list is recognized. So it appears that the code that + authenticates group memberships only checks the user's primary group, and + ignores groups the user may be apart of by a member list. + + Let me know if this doesn't make sence. I'd be glad to help debug this further + if need be. \ No newline at end of file
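Review bot: the sample proftpd.passwd line in the DESCRIPTION carries a real-looking value in its password field ("testuser:JZicpu1V/iZgY:2323:2323:..."). It is 13 characters long, which is the length of a traditional crypt(3) DES hash. A report posted to a public tracker should replace that field with a placeholder such as "*", since the hash is not needed to reproduce the group-membership problem. The report would also be easier to act on if it included the virtual host block containing the AuthUserFile and AuthGroupFile directives and the exact FTP command and reply that produced "Permission denied"; only the two data-file entries and the directory listing are shown.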