search for: old_gid

Aloha, I'm curious about the following code at line 203 in uidswap.c: /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); This causes permanently_set_uid to fail in the following case: $ su Password: ???????? # newgrp bin # ssh remotehost permanently_set_uid: was able...

...0000 1.44 +++ uidswap.c 22 Sep 2004 18:17:44 -0000 @@ -200,10 +200,12 @@ permanently_set_uid(struct passwd *pw) fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #endif +#ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); +#endif /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { -- Corinna Vinschen Cygwin Pr...

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); My question is, should this change also be included in the setuid() call a few lines later? .....

...********************************/ @@ -287,6 +346,9 @@ } d_printf("Successully added group %s to the mapping db\n", ntgroup); + + update_users_primgroup_sid(gid, string_sid); + return 0; } @@ -303,6 +365,9 @@ int i; gid_t gid; + gid_t old_gid; + fstring usrsid = ""; + /* get the options */ for ( i=0; i<argc; i++ ) { if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) { @@ -398,6 +463,8 @@ if ( ntgroup[0] ) fstrcpy( map.nt_name, ntgroup...

...gid of a group it doesn''t go through the file system and update them with the new correct gid (at least this was the case on RHEL5 and client puppet v2.6.16 and puppetmaster 2.7.12). Now I thought that it might be possible to have puppet execute something like find /home/ -group <old_gid> | xargs chgrp groupname. However it isn''t quite that simple. First it needs to be run after the change, so I had to put it in a new stage that runs after main. After that everything was all good. I have some issues with this solution. First the find takes forever to run. I...

...Root can always change the gid/egid anyhow. So, I would like to propose the following change to 3.9p1... --- uidswap.c.orig Sun Aug 29 15:43:57 2004 +++ uidswap.c Sun Aug 29 15:44:05 2004 @@ -201,7 +201,7 @@ #endif /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if (old_uid && (old_gid != pw->pw_gid) && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); After this change also root can again use ssh-3.9p1. I hope this helps. Ch...

Hello All, The changing of group for the root results in the following message with OpenSSH 3.9p1 "permanently_set_uid: was able to restore old [e]gid" The following change in uidswap.c fixes me the problem. /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if(getgid() != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); Is there any problem with this approach? Thanks, Senthil Kumar. --- Outgoing mail is certified Virus...

> Hi, > > we are upgrading some servers from C6 to C7 with a lot of user accounts > on them (UID>=500). > CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs. > > Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I > could just grep the users out from passwd/shadow/group files and append > them to the Centos7 passwd/shadow/group files.

the stat() on which file? On Wed, Apr 04, 2001 at 02:06:56PM +0200, Jan Just Keijser wrote: > hmmm, I found the problem and managed to fix it, but I am not sure if this > isn't broken: > > using gdb, I found that sshd fails to stat the 'authorized_keys' files, > which was in /local/home/janjust/.ssh/authorized_keys. Here were the > permissions for the directories

http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy:

Hi, we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs. Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later

...+ that supports capabilities, because they may be valid + actions */ + if(sysconf(_SC_CAP != 0)) + return; + #endif /* WITH_IRIX_CAP */ + #ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&

...Sep 22 04:55:21 2003 +++ openssh-3.7.1p2/uidswap.c Tue Oct 7 08:22:02 2003 @@ -143,6 +143,10 @@ void permanently_set_uid(struct passwd *pw) { +#if #system(bs2000) +#undef __func__ + static const char __func__[] = { "permanently_set_uid()" }; +#endif uid_t old_uid = getuid(); gid_t old_gid = getgid();