David C. Rankin (2010-03-01 17:03):
On 03/01/2010 12:32 PM, jwbirdsong wrote:
Quick Question:
How do we change group information while this bug is there? Do we disable pam or do we just edit /etc/group in the interim?
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
Will do,
In the interim, and I know there will be howls against doing it, but I simply edited /etc/passwd and /etc/group and set the gid to what I needed. Worked fine. /etc/shadow doesn't appear to hold any group information so I think I found all the needed files. Right now it is just a one user system and subsequent to the gid change, I added the group that needed the gid with groupadd and it worked like a champ. Anybody see any "you just broke this -- stupid..." issues?
Most probably, editing /etc/group and ignoring /etc/gshadow won't break anything if you're not using group passwords (are these used by anybody?). But I would keep /etc/group and /etc/gshadow synchronized anyway. You can use /usr/sbin/vigr to edit these files by hand. If you have a working cron, you might get an e-mail telling you about problems. Try to run this as root (and look at the file contents): $ /etc/cron.daily/shadow