Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!pacbell.com!tandem!zorch!vsi1!teda!netcomsv!bobb
From: bobb@netcom.COM (Bob Beaulieu)
Newsgroups: comp.unix.xenix.sco
Subject: PROBLEM WITH MKUSER - SECURITY
Keywords: WARNING SCO
Message-ID: <1991Apr30.064959.1532@netcom.COM>
Date: 30 Apr 91 06:49:59 GMT
Sender: netnews@netcom.COM (USENET Administration)
Organization: Netcom - Online Communication Services  UNIX System {408 241-9760 guest}
Lines: 30

I have a client that had a lot of users (80+) in the same group "group1"
and added '\' to allow entry of ALL of these users because of limits in
line lengths.

Each time he runs the mkuser program provides by sco, the program edits
the group file and adds:

::0::  name1, name2, name3, name4, name5, name6, ... name20
::0::  name21, name22, name23, ... namexx

All these users now have to do is type:

newgrp root 

and just about everything is at the hands!

I have been able to verify this on other 386 2.3 sco boxes. The old
group file is renamed to "group-".

Any comments?????
bobb

-- 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|                              Bob Beaulieu                            |
|                              San Jose, CA.                           |
|                             (408) 723-0556                           | 
|                             bobb@netcom.com                          |
|                   {apple,amdahl,claris}!netcom!bobb                  |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~