Summary

SuSE Linux allows user to newgrp to a group with an empty password even if they are not a member of that group

Issue

On SuSE Linux, the newgrp command allows a user to do newgrp to any group which has an empty password field in the /etc/group file, even if the user is not a member of the group.

This is an issue in BoKS since BoKS creates groups with an empty password field when secondary groups are supported.

Resolution / Workaround

Install the hotfix HFBM-0018 from the HelpSystems Community Portal.

This hotfix causes BoKS to put an 'x' in the password field in the group file when creating a group, eliminating this issue.

Alternatively this issue can also be resolved by upgrading to BoKS Manager / BoKS Server Agent for Unix / Linux 6.7.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018