problem with AllowUsers and AllowGroups

Vesa Jääskeläinen jaaskela at tietomyrsky.fi
Fri Aug 25 22:10:50 EST 2000


I do not know have you have already fixed problem when both AllowUsers and
AllowGroups have been defined.
Source package was: openssh-2.1.1-p1 (rpm version)

Problem is described in this example:

AllowGroups admins ssh
AllowUsers  testuser

testusers primary group is users

User cannot login because his primary group wasn't admins or ssh... I have
included patch for this in this message. Hope this was way you thinked it
supposed to work.

There is also problem with following case but I am looking for fix for it.

AllowGroups admins ssh

User testuser tries to login (he is primary member of users) who is member
of group ssh. Since code only tests against primary group user can't
login.
-------------- next part --------------
diff openssh-2.1.1p4/auth.c openssh-fixed/auth.c
55a56
> 	int allow_users_ok = 0;
111a113,114
> 			{
> 				allow_users_ok = 1;
112a116
> 			}
135c139
< 		if (options.num_allow_groups > 0) {
---
> 		if ((options.num_allow_groups > 0) && (!allow_users_ok)) {


More information about the openssh-unix-dev mailing list