
Re: default group issue



Kenshi Muto wrote:
> I'm thinking of Bug#166718 (add initial user to useful groups).
> This bug looks to be rejected by the maintainer, but we know many novice
> users complain to us 'why can't I play sound? / use CD-ROM / access my
> modem / blah, blah...'. Sigh.
> 
> Modifying shadow is rejected currently, but how about supporting this
> feature in the base-config passwd menu?

It doesn't sound to me like Karl has rejected it out of hand:

Karl Ramm wrote:
> This doesn't make the situation any less confusing, this just puts the
> confusion earlier in the install and setup process.
> 
> This needs a better list of initial groups, that it *doesn't* ask the user
> about, (maybe it mentions them), and the obvious, documented way of adding
> new users needs a flag for "console user".

So he just wants some infrastructure around this. That seems reasonable.
How about something like this:

  - Add to adduser.conf a CONSOLEGROUPS variable, defaulting to 
    CONSOLEGROUPS="audio cdrom dialout floppy video"
  - Add a --console-user flag to adduser, which creates the user in
    that set of groups.
  - Make passwd's config script pass --console-user when calling adduser.

Of course we'll need Roland Bauerschmidt to decide about the adduser
changes. A preliminary adduser patch is attached.

(Now, in the meantime, I'd not mind putting a quick fix in base-config, 
but only if we have plans to do the real fix and later back that out.)

-- 
see shy jo
diff -ur old/adduser-3.51/adduser adduser-3.51/adduser
--- old/adduser-3.51/adduser	2003-08-28 15:13:28.000000000 -0400
+++ adduser-3.51/adduser	2004-03-28 23:35:38.000000000 -0500
@@ -32,7 +32,7 @@
 #
 #  adduser [--home DIR] [--shell SHELL] [--uid ID] [--firstuid ID]
 #  [--lastuid ID] [--ingroup GROUP | --gid ID] [--disabled-password]
-#  [--disabled-login] [--gecos GECOS] [--no-create-home] user
+#  [--disabled-login] [--gecos GECOS] [--no-create-home] [--console-user] user
 #      add a normal user to the system
 #      example: adduser fred
 #      $action = "adduser"
@@ -95,6 +95,7 @@
 $verbose = 1;			# should we be verbose?
 $allow_badname = 0;		# should we allow bad names?
 $ask_passwd = 1;		# ask for a passwd?
+$console_user = 0;		# add to consolegroups?
 
 $defaults = "/etc/adduser.conf";
 $nogroup_id = getgrnam("nogroup") || 65534;
@@ -118,6 +119,7 @@
 $config{"quotauser"} = "";
 $config{"dir_mode"} = "0755";
 $config{"setgid_home"} = "no";
+$config{"consolegroups"} = "";
 
 $action = $0 eq "addgroup" ? "addgroup" : "adduser";
 
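Review bot: the built-in default for `$config{"consolegroups"}` is the empty string, while the shipped adduser.conf sets five groups, so on any system whose /etc/adduser.conf lacks the variable, `--console-user` is accepted and then silently adds no groups because the later length() test is false. Either default to the same list here, or warn when the flag is given and the list is empty, so the admin is not left believing the account received the device groups.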
@@ -183,6 +185,8 @@
 	$no_create_home = 1;
     } elsif ($arg eq "--debug") {
 	$debugging = 1;
+    } elsif ($arg eq "--console-user") {
+	$console_user = 1;
     } elsif ($arg =~ /^--/) {	# bad argument!
 	dief (_("Unknown argument `%s'.\n"),$arg);
     } else {			# it's a username
@@ -500,10 +504,17 @@
 
     printf _("Adding new user %s (%s) with group %s.\n"),$new_name,$new_uid,$ingroup_name
 	if $verbose;
+    if ($console_user && length($config{"consolegroups"})) {
+	printf _("Console user is also in groups: %s.\n"),$config{"consolegroups"}
+	    if $verbose;
+	$suppgroups=$config{"consolegroups"};
+	$suppgroups=~s/\s+/,/g;
+	@suppgroups=("-G", $suppgroups)
+    }
     $home_dir = $special_home || &homedir($new_name, $ingroup_name);
 	$shell = $special_shell || $config{"dshell"};
     $undouser = $new_name;
-    &systemcall('/usr/sbin/useradd', '-d', $home_dir, '-g', $ingroup_name, '-s',
+    &systemcall('/usr/sbin/useradd', '-d', $home_dir, '-g', $ingroup_name, @suppgroups, '-s',
 		$shell, '-u', $new_uid, $new_name);
     &invalidate_nscd();
 
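Review bot: the new `if ($console_user && ...)` block hands CONSOLEGROUPS to `useradd -G` without checking that each group exists, and useradd refuses to create the account when any listed group is missing, so a single absent group (a system without `floppy`, say) makes the whole adduser run fail. Filter the names through getgrnam(), which this file already uses for nogroup, and warn about any that are skipped. Also, `s/\s+/,/g` turns leading or trailing whitespace in the config value into a leading or trailing comma; splitting on whitespace and joining with "," avoids that. Minor: `$suppgroups` and `@suppgroups` are not initialised next to `$console_user`, and the `@suppgroups=("-G", $suppgroups)` line is missing its semicolon.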
@@ -786,7 +797,7 @@
     printf _(
 "adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
 [--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
-[--disabled-password] [--disabled-login] user
+[--disabled-password] [--disabled-login] [--console-user] user
    Add a normal user
 
 adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
diff -ur old/adduser-3.51/adduser.conf adduser-3.51/adduser.conf
--- old/adduser-3.51/adduser.conf	2003-08-28 15:13:28.000000000 -0400
+++ adduser-3.51/adduser.conf	2004-03-28 23:23:38.000000000 -0500
@@ -48,6 +48,11 @@
 # `users' (or the equivalent group) on your system.
 USERS_GID=100
 
+# The CONSOLEGROUPS variable is a space separated list of groups.  Users
+# who are local to the console will be created as members of each of the
+# listed groups, if adduser is run with the --console-user option.
+CONSOLEGROUPS="audio cdrom dialout floppy video"
+
 # If QUOTAUSER is set, a default quota will be set from that user with
 # `edquota -p QUOTAUSER newuser'
 QUOTAUSER=""
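Review bot: the comment calls these groups for users "local to the console", but membership assigned at account creation is static: it applies to every session of that user, including remote logins, and nothing in the patch ties it to being at the console. Since the listed groups grant direct access to devices, the comment should say that plainly and tell the admin to trim the list on machines with several users or remote access.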
diff -ur old/adduser-3.51/doc/adduser.8 adduser-3.51/doc/adduser.8
--- old/adduser-3.51/doc/adduser.8	2003-08-28 15:13:28.000000000 -0400
+++ adduser-3.51/doc/adduser.8	2004-03-28 23:39:33.000000000 -0500
@@ -10,7 +10,7 @@
 .SH NAME
 adduser, addgroup \- add a user or group to the system
 .SH SYNOPSIS
-.BR adduser " [options] [\-\-home DIR] [\-\-shell SHELL] [--no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [--disabled-password] [--disabled-login] [--gecos GECOS] user"
+.BR adduser " [options] [\-\-home DIR] [\-\-shell SHELL] [--no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [--disabled-password] [--disabled-login] [--console-user] [--gecos GECOS] user"
 .PP
 .BR adduser " \-\-system [options] [\-\-home DIR] [\-\-shell SHELL] [--no-create-home] [\-\-uid ID] [\-\-group | \-\-ingroup GROUP | \-\-gid ID] [--disabled-password] [--disabled-login] [--gecos GECOS] user"
 .PP
@@ -97,7 +97,13 @@
 password is set. The
 .B \-\-disabled-password
 option will not set a password, but login are still possible for example
-through SSH RSA keys.
+through SSH RSA keys. 
+
+The
+.B \-\-console-user
+option may be used to indicate that the user has physical access to the
+console, and should be a member of the groups specified in the CONSOLEUSERS
+variavble in adduser.conf (such as cdrom and audio).
 
 If the file
 .B /usr/local/sbin/adduser.local
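Review bot: the added paragraph names the variable CONSOLEUSERS, but the patch defines CONSOLEGROUPS in adduser.conf and adduser.conf.5, so a reader following the man page would set a variable that is never read; "variavble" is also misspelled. The changed line `through SSH RSA keys. ` only gains trailing whitespace and can be left as it was, and the paragraph break is a bare blank line where this page otherwise uses a .PP request.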
diff -ur old/adduser-3.51/doc/adduser.conf.5 adduser-3.51/doc/adduser.conf.5
--- old/adduser-3.51/doc/adduser.conf.5	2003-08-28 15:13:28.000000000 -0400
+++ adduser-3.51/doc/adduser.conf.5	2004-03-28 23:24:55.000000000 -0500
@@ -82,6 +82,11 @@
 default value is
 .IR 100 .
 .TP
+\fBCONSOLEGROUPS\fP
+The \fBCONSOLEGROUPS\fP variable is a space separated list of groups.  Users
+who are local to the console will be created as members of each of the
+listed groups, if adduser is run with the --console-user option.
+.TP
 \fBQUOTAUSER\fP
 If set to a nonempty value, new users will have quotas copied from
 that user.  The default is empty.
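Review bot: the CONSOLEGROUPS entry does not state its default, unlike the neighbouring entries ("default value is 100", "The default is empty"). Add the shipped list (audio cdrom dialout floppy video), and note that the built-in fallback is empty if the variable is absent. The option name is also written as a plain `--console-user` here, while the adduser.8 hunk uses `\-\-console-user`.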
