-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.6, rhel-10.0
-
None
-
shadow-utils-4.15.0-9.el10
-
No
-
Moderate
-
1
-
rhel-idm-zta
-
None
-
False
-
False
-
-
No
-
Red Hat Enterprise Linux
-
ZTA: RHELs for 10.2 and 9.8
-
Pass
-
Manual
-
Unspecified Release Note Type - Unknown
-
Unspecified
-
Unspecified
-
Unspecified
-
x86_64
-
None
-
-
- Bug Summary:
The `groupmod` command's `--help` output shows:
- Bug Summary:
-
-U, --users USERS list of user members of this group
However, this is *misleading. The `-U` option **does not list* users — it *replaces* the current list of members in the group with the provided list.
This could lead to *accidental removal* of existing group members by misunderstanding the help text.
-
-
- Steps to Reproduce:
1. Run: `groupmod --help`
2. Observe the line for `-U`
3. Try using `groupmod -U user1 wheel` expecting it to add user1 — it instead replaces all members
- Steps to Reproduce:
-
-
-
- Expected Behavior:
The help message should clearly state that `-U` *overwrites* the group membership.
- Expected Behavior:
-
-
-
- Suggested Fix:
Update the help text to something like:
`-U, --users USERS replace the list of user members of this group`
- Suggested Fix:
-
This makes it consistent with the actual behavior.
-
-
- Environment:
-
- RHEL 9.6
- `groupmod` from `shadow-utils`
-
-
- Impact:
Potential administrative mistakes in production environments where sysadmins might accidentally remove all group members (e.g., from `wheel`), creating access or sudo issues.
- Impact:
-
Please update the documentation/help output for clarity.
- links to
-
RHBA-2025:156717
shadow-utils update