* NEWS, src/groupmems.c: Allow everybody to list the users of a group.

	This information is publicly available in /etc/group.
	* NEWS, src/groupmems.c: Open /etc/group read only for the -l option.

diff --git a/ChangeLog b/ChangeLog
index 04bdeecefcb5fb2fb1cef22a351b4540482c0774..e1ae8050a560bec9c98f59d5e3fa3fb6a1d8c7f3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-07-27  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * NEWS, src/groupmems.c: Allow everybody to list the users of a group.
+       This information is publicly available in /etc/group.
+       * NEWS, src/groupmems.c: Open /etc/group read only for the -l option.
+
 2008-07-27  Nicolas François  <nicolas.francois@centraliens.net>
 
        * man/groupmems.8.xml: Sort options alphabetically.

diff --git a/NEWS b/NEWS
index a5d061829caf09b40e06c2235b3c1c78785a2d73..18d466abe97bd70523f5becf37eb94968e895cfc 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ shadow-4.1.2.1 -> shadow-4.1.3                                                UNRELEASED
 - groupmems
   * Check if user exist before they are added to groups.
   * Avoid segfault in case the specified group does not exist in /etc/group.
+  * Everybody is allowed to list the users of a group.
+  * /etc/group is open readonly when one just wants to list the users of a
+    group.
 
 shadow-4.1.2 -> shadow-4.1.2.1                                         26-06-2008
 

diff --git a/src/groupmems.c b/src/groupmems.c
index 43c7393f1320b9e933dc65b94ec5d065c2d300ab..05e15be1903e13ee7258aa2f44810dd8925eb34d 100644 (file)
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -214,7 +214,7 @@ static void fail_exit (int code)
        exit (code);
 }
 
-int main (int argc, char **argv) 
+void main (int argc, char **argv) 
 {
        char *name;
        struct group *grp;
@@ -232,27 +232,30 @@ int main (int argc, char **argv)
 
        if (NULL == thisgroup) {
                name = whoami ();
-               if (NULL == name) {
+               if (!list && (NULL == name)) {
                        fprintf (stderr, _("%s: your groupname does not match your username\n"), Prog);
                        fail_exit (EXIT_NOT_PRIMARY);
                }
        } else {
                name = thisgroup;
-               if (!isroot ()) {
+               if (!list && !isroot ()) {
                        fprintf (stderr, _("%s: only root can use the -g/--group option\n"), Prog);
                        fail_exit (EXIT_NOT_ROOT);
                }
        }
 
-       check_perms ();
+       if (!list) {
+               check_perms ();
 
-       if (!gr_lock ()) {
-               fprintf (stderr, _("%s: unable to lock group file\n"), Prog);
-               fail_exit (EXIT_GROUP_FILE);
+               if (!gr_lock ()) {
+                       fprintf (stderr,
+                                _("%s: unable to lock group file\n"), Prog);
+                       fail_exit (EXIT_GROUP_FILE);
+               }
+               group_locked = true;
        }
-       group_locked = true;
 
-       if (!gr_open (O_RDWR)) {
+       if (!gr_open (list ? O_RDONLY : O_RDWR)) {
                fprintf (stderr, _("%s: unable to open group file\n"), Prog);
                fail_exit (EXIT_GROUP_FILE);
        }
@@ -265,7 +268,9 @@ int main (int argc, char **argv)
                fail_exit (EXIT_INVALID_GROUP);
        }
 
-       if (NULL != adduser) {
+       if (list) {
+               members (grp->gr_mem);
+       } else if (NULL != adduser) {
                if (is_on_list (grp->gr_mem, adduser)) {
                        fprintf (stderr,
                                 _("%s: user `%s' is already a member of `%s'\n"),
@@ -286,8 +291,6 @@ int main (int argc, char **argv)
        } else if (purge) {
                grp->gr_mem[0] = NULL;
                gr_update (grp);
-       } else if (list) {
-               members (grp->gr_mem);
        }
 
        if (!gr_close ()) {
@@ -295,10 +298,6 @@ int main (int argc, char **argv)
                fail_exit (EXIT_GROUP_FILE);
        }
 
-       if (gr_unlock () == 0) {
-               fprintf (stderr, _("%s: unable to unlock group file\n"), Prog);
-       }
-
-       exit (EXIT_SUCCESS);
+       fail_exit (EXIT_SUCCESS);
 }