Kenshi Muto wrote: > I'm thinking Bug#166718 (add initial user to useful groups). > This bug looks be rejected by maintainer, but we know many novice > users complain us 'why can't I play sound? / use CD-ROM / access my > modem / blah, blah...'. Sigh. > > Modifying shadow is rejected currently, but how about to support this > feature by base-config passwd menu? It doesn't sound to me like Karl has rejected it out of hand: Karl Ramm wrote: > This doesn't make the situation any less confusing, this just puts the > confusion earlier in the install and setup process. > > This needs a better list of initial groups, that it *doesn't* ask the user > about, (maybe it mentions them), and the obvious, documented way of adding > new users needs a flag for "console user". So he just wants some infrastructure around this. That seems reasonable. How about something like this: - Add to adduser.conf a CONSOLEGROUPS variable, defaulting to CONSOLEGROUPS="audio cdrom dialout floppy video" - Add a --console-user flag to adduser, which creates the user in that set of groups. - Make passwd's config script pass --console-user when calling adduser. Of course we'll need Roland Bauerschmidt to decide about the adduser changes. A preliminary adduser patch is attached. (Now, in the meantime, I'd not mind putting a quick fix in base-config, but only if we have plans to do the real fix and later back that out.) -- see shy jo
diff -ur old/adduser-3.51/adduser adduser-3.51/adduser --- old/adduser-3.51/adduser 2003-08-28 15:13:28.000000000 -0400 +++ adduser-3.51/adduser 2004-03-28 23:35:38.000000000 -0500 @@ -32,7 +32,7 @@ # # adduser [--home DIR] [--shell SHELL] [--uid ID] [--firstuid ID] # [--lastuid ID] [--ingroup GROUP | --gid ID] [--disabled-password] -# [--disabled-login] [--gecos GECOS] [--no-create-home] user +# [--disabled-login] [--gecos GECOS] [--no-create-home] [--console-user] user # add a normal user to the system # example: adduser fred # $action = "adduser" @@ -95,6 +95,7 @@ $verbose = 1; # should we be verbose? $allow_badname = 0; # should we allow bad names? $ask_passwd = 1; # ask for a passwd? +$console_user = 0; # add to consolegroups? $defaults = "/etc/adduser.conf"; $nogroup_id = getgrnam("nogroup") || 65534; @@ -118,6 +119,7 @@ $config{"quotauser"} = ""; $config{"dir_mode"} = "0755"; $config{"setgid_home"} = "no"; +$config{"consolegroups"} = ""; $action = $0 eq "addgroup" ? "addgroup" : "adduser"; @@ -183,6 +185,8 @@ $no_create_home = 1; } elsif ($arg eq "--debug") { $debugging = 1; + } elsif ($arg eq "--console-user") { + $console_user = 1; } elsif ($arg =~ /^--/) { # bad argument! dief (_("Unknown argument `%s'.\n"),$arg); } else { # it's a username @@ -500,10 +504,17 @@ printf _("Adding new user %s (%s) with group %s.\n"),$new_name,$new_uid,$ingroup_name if $verbose; + if ($console_user && length($config{"consolegroups"})) { + printf _("Console user is also in groups: %s.\n"),$config{"consolegroups"} + if $verbose; + $suppgroups=$config{"consolegroups"}; + $suppgroups=~s/\s+/,/g; + @suppgroups=("-G", $suppgroups) + } $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || $config{"dshell"}; $undouser = $new_name; - &systemcall('/usr/sbin/useradd', '-d', $home_dir, '-g', $ingroup_name, '-s', + &systemcall('/usr/sbin/useradd', '-d', $home_dir, '-g', $ingroup_name, @suppgroups, '-s', $shell, '-u', $new_uid, $new_name); &invalidate_nscd(); @@ -786,7 +797,7 @@ printf _( "adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID] [--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID] -[--disabled-password] [--disabled-login] user +[--disabled-password] [--disabled-login] [--console-user] user Add a normal user adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID] diff -ur old/adduser-3.51/adduser.conf adduser-3.51/adduser.conf --- old/adduser-3.51/adduser.conf 2003-08-28 15:13:28.000000000 -0400 +++ adduser-3.51/adduser.conf 2004-03-28 23:23:38.000000000 -0500 @@ -48,6 +48,11 @@ # `users' (or the equivalent group) on your system. USERS_GID=100 +# The CONSOLEGROUPS variable is a space separated list of groups. Users +# who are local to the console will be created as members of each of the +# listed groups, if adduser is run with the --console-user option. +CONSOLEGROUPS="audio cdrom dialout floppy video" + # If QUOTAUSER is set, a default quota will be set from that user with # `edquota -p QUOTAUSER newuser' QUOTAUSER="" diff -ur old/adduser-3.51/doc/adduser.8 adduser-3.51/doc/adduser.8 --- old/adduser-3.51/doc/adduser.8 2003-08-28 15:13:28.000000000 -0400 +++ adduser-3.51/doc/adduser.8 2004-03-28 23:39:33.000000000 -0500 @@ -10,7 +10,7 @@ .SH NAME adduser, addgroup \- add a user or group to the system .SH SYNOPSIS -.BR adduser " [options] [\-\-home DIR] [\-\-shell SHELL] [--no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [--disabled-password] [--disabled-login] [--gecos GECOS] user" +.BR adduser " [options] [\-\-home DIR] [\-\-shell SHELL] [--no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [--disabled-password] [--disabled-login] [--console-user] [--gecos GECOS] user" .PP .BR adduser " \-\-system [options] [\-\-home DIR] [\-\-shell SHELL] [--no-create-home] [\-\-uid ID] [\-\-group | \-\-ingroup GROUP | \-\-gid ID] [--disabled-password] [--disabled-login] [--gecos GECOS] user" .PP @@ -97,7 +97,13 @@ password is set. The .B \-\-disabled-password option will not set a password, but login are still possible for example -through SSH RSA keys. +through SSH RSA keys. + +The +.B \-\-console-user +option may be used to indicate that the user has physical access to the +console, and should be a member of the groups specified in the CONSOLEUSERS +variavble in adduser.conf (such as cdrom and audio). If the file .B /usr/local/sbin/adduser.local diff -ur old/adduser-3.51/doc/adduser.conf.5 adduser-3.51/doc/adduser.conf.5 --- old/adduser-3.51/doc/adduser.conf.5 2003-08-28 15:13:28.000000000 -0400 +++ adduser-3.51/doc/adduser.conf.5 2004-03-28 23:24:55.000000000 -0500 @@ -82,6 +82,11 @@ default value is .IR 100 . .TP +\fBCONSOLEGROUPS\fP +The \fBCONSOLEGROUPS\fP variable is a space separated list of groups. Users +who are local to the console will be created as members of each of the +listed groups, if adduser is run with the --console-user option. +.TP \fBQUOTAUSER\fP If set to a nonempty value, new users will have quotas copied from that user. The default is empty.
Attachment:
signature.asc
Description: Digital signature