Hi Serge,

I did a few more tests, see the logging of the console.
Findings:
- groupmems expects the password of the user who wants to add another user to his group (as you found out too)
- groupmems does not accept the group password for his primary group
- groupmems fails in case the binary has only the setgid bit set, although man groupmems says that this would be one of the preconditions for usage (problem with locking /etc/group)
- groupmems works in case the binary has the setuid bit set (as you found out too)

Best regards
Markus

Script started on 2022-02-17 11:04:39+01:00 [TERM="linux" TTY="/dev/tty2" COLUMNS="80" LINES="25"]
tester2@lune:~$ grep tester2 /etc/group
tester2:x:1001:
groups:x:998:tester2
tester2@lune:~$ groups
tester2 groups
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of group password
groupmems: PAM: Fehler bei Authentifizierung #group password rejected
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort:
groupmems: Permission denied.
groupmems: /etc/group konnte nicht gesperrt werden; versuchen Sie es später noch einmal.
tester2@lune:~$ ls -l /usr/sbin/groupmems
-rwx--s--- 1 root groups 66104 7. Feb 2020 /usr/sbin/groupmems
tester2@lune:~$ ls -l /etc/group
-rw-r--r-- 1 root root 967 17. Feb 10:49 /etc/group
#change group of file group
tester2@lune:~$ ls -l /etc/group
-rw-rw-r-- 1 root groups 967 17. Feb 10:49 /etc/group
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of password of tester2
groupmems: Permission denied.
groupmems: /etc/group konnte nicht gesperrt werden; versuchen Sie es später noch einmal.
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of group password for groups
groupmems: PAM: Fehler bei Authentifizierung
tester2@lune:~$ exit
exit
Script done on 2022-02-17 11:20:08+01:00 [COMMAND_EXIT_CODE="1"]

Script started on 2022-02-17 11:32:19+01:00 [TERM="linux" TTY="/dev/tty2" COLUMNS="80" LINES="25"]
#setgid bit was removed, setuid bit was set for executable groupmems
tester2@lune:~$ ls -l /usr/sbin/groupmems
-rws--x--- 1 root groups 66104 7. Feb 2020 /usr/sbin/groupmems
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of password for tester2
tester2@lune:~$ /usr/sbin/groupmems -a tester3
Passwort: #input of group password for groups
groupmems: PAM: Fehler bei Authentifizierung
tester2@lune:~$ grep tester2 /etc/group
tester2:x:1001:tester3
groups:x:998:tester2
tester2@lune:~$ exit
exit
Script done on 2022-02-17 11:42:48+01:00 [COMMAND_EXIT_CODE="0"]