diff --git a/ChangeLog b/ChangeLog index 76a5cbf4..2a4e2ba7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-02-26 Nicolas François + + * src/gpasswd.c: Fix typo in comment. + * src/gpasswd.c: Move comment regarding FIRST_MEMBER_IS_ADMIN to + where it belongs. + * src/gpasswd.c: Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN + section. + 2008-02-25 Nicolas François * man/po/Makefile.in.in: Use --previous when merging PO files of diff --git a/src/gpasswd.c b/src/gpasswd.c index 8a0fbbfb..89f16006 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -423,12 +423,17 @@ static void check_perms (const struct group *gr) #ifdef FIRST_MEMBER_IS_ADMIN /* - * The policy here for changing a group is that 1) you must bes root + * The policy here for changing a group is that 1) you must be root * or 2) you must be the first listed member of the group. The * first listed member of a group can do anything to that group that * the root user can. The rationale for this hack is that the FIRST * user is probably the most important user in this entire group. */ + /* + * This feature enabled by default could be a security problem when + * installed on existing systems where the first group member might + * be just a normal user. --marekm + */ if (!amroot) { if (gr->gr_mem[0] == (char *) 0) { #ifdef WITH_AUDIT @@ -446,12 +451,7 @@ static void check_perms (const struct group *gr) failure (); } } -#else - /* - * This feature enabled by default could be a security problem when - * installed on existing systems where the first group member might - * be just a normal user. --marekm - */ +#else /* ! FIRST_MEMBER_IS_ADMIN */ if (!amroot) { #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog,