Nice find.

My guess is that the Debian maintainer forgot to include the pam.d
configuration file supplied by upstream when this new tool was included:

- https://github.com/shadow-maint/shadow/blob/master/etc/pam.d/groupmems
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663117

We could decide either to:

- support the tool properly and include the pam.d file
- drop the tool entirely because we've made it this far without anyone 
noticing, and we made it several decades before someone wrote the tool in the 
first place
- ignore it entirely because it doesn't seem to be hurting anything as it is

Properly including the tool might bring with it any security problems
that it might have. Leaving it alone probably doesn't bring security
problems.

In any event we should also file a bug with Debian so they can make a
decision, too.

Thanks

** Bug watch added: Debian Bug tracker #663117
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663117

https://bugs.launchpad.net/bugs/2039541

Title:
  groupmems prompts for password when run as sudo/root

Status in shadow package in Ubuntu:
  New

Bug description:
  When trying to clear users from a group using the groupmems command,
  the user is always prompted for the root's password, even when running
  as root or via sudo:

  (as root)
  # addgroup testgroup
  # groupmems -g testgroup -p
  Password:

  (via sudo)
  # sudo addgroup testgroup
  # sudo groupmems -g testgroup -p
  Password:

  I'm not sure if this is desired behavior, but I would expect this
  command to work without the root password.
