Bug#426452: marked as done (user-setup: Should allow preseeding to avoid adding initial user into local device groups)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 30 Jun 2007 06:17:04 +0000
with message-id <E1I4WGW-0004xO-O3@ries.debian.org>
and subject line Bug#426452: fixed in user-setup 1.15
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: user-setup: Should allow preseeding to avoid adding initial user into local device groups
• From: Petter Reinholdtsen <pere@hungry.com>
• Date: Mon, 28 May 2007 23:33:44 +0200
• Message-id: <2flirachbuv.fsf@saruman.uio.no>

Package:  user-setup
Version:  1.11
Severity: wishlist
Tags:     patch

In a large installation, it does not scale to add all users to the
groups granting access to local devices on each machine.  In such
configurations it is better to assign that access dynamically at
login, using the pam_group and pam_foreground pam modules.

In such setting, it is a bad idea to add the initial user to a lot of
groups, and it would be great if it was possible to preseed away the
group adding normally done in d-i.

In Debian Edu, we use pam_group and pam_foreground to grant access to
single desktop machines (what we call the standalone profile), to make
sure all users are treated the same way even if they are added later
on using adduser.  We would also prefer to be able to preseed away the
group adding.  I would recommend Debian changed its default to also
use pam_group and pam_foreground to grant access to local devices.

Here is a patch to add a hidden debconf question to disable the group
adding.  It is untested, but show the proposed change of feature.

Index: user-setup-apply
===================================================================
--- user-setup-apply	(revision 47046)
+++ user-setup-apply	(working copy)
@@ -125,9 +125,15 @@
 	fi
 
 	if [ -n "$USER" ]; then
-		for group in audio cdrom dialout floppy video plugdev netdev powerdev; do
+		db_get passwd/use_pam_group
+		if [ "$RET" = false ] ; then
+		    # Grant access to some local devices for initial
+		    # user, unless pam_group and pam_forground is used
+		    # to grant access to console users.
+		    for group in audio cdrom dialout floppy video plugdev netdev powerdev; do
 			$log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
 		done
+		fi
 	fi
 
 	db_get passwd/root-login
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates	(revision 47046)
+++ debian/user-setup-udeb.templates	(working copy)
@@ -16,6 +16,13 @@
 Type: string
 Description: for internal use only
 
+# Allow preseeding away the group assignement for the initial user
+# when using pam_group and pam_forground to grant local device access
+Template: passwd/use_pam_group
+Type: boolean
+Default: false
+Description: for internal use only
+
 Template: passwd/root-login
 Type: boolean
 Default: true

--- End Message ---

--- Begin Message ---

• To: 426452-close@bugs.debian.org
• Subject: Bug#426452: fixed in user-setup 1.15
• From: Christian Perrier <bubulle@debian.org>
• Date: Sat, 30 Jun 2007 06:17:04 +0000
• Message-id: <E1I4WGW-0004xO-O3@ries.debian.org>

Source: user-setup
Source-Version: 1.15

We believe that the bug you reported is fixed in the latest version of
user-setup, which is due to be installed in the Debian FTP archive:

user-setup-udeb_1.15_all.udeb
  to pool/main/u/user-setup/user-setup-udeb_1.15_all.udeb
user-setup_1.15.dsc
  to pool/main/u/user-setup/user-setup_1.15.dsc
user-setup_1.15.tar.gz
  to pool/main/u/user-setup/user-setup_1.15.tar.gz
user-setup_1.15_all.deb
  to pool/main/u/user-setup/user-setup_1.15_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 426452@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated user-setup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 29 Jun 2007 06:33:38 +0200
Source: user-setup
Binary: user-setup user-setup-udeb
Architecture: source all
Version: 1.15
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 user-setup - Set up initial user and password
 user-setup-udeb - Set up users and passwords (udeb)
Closes: 426452
Changes: 
 user-setup (1.15) unstable; urgency=low
 .
   [ Otavio Salvador ]
   * Add support to control which default groups the initial user will be
     added. Preseed it at passwd/user-default-groups. Closes: #426452
Files: 
 e68a4156ddd37b848179c914f5500c0e 755 debian-installer extra user-setup_1.15.dsc
 3b4b9a478cae6193a63fcff961e21c90 117581 debian-installer extra user-setup_1.15.tar.gz
 a375be4ae3326e39b13c2259f9fe2d33 113478 debian-installer standard user-setup-udeb_1.15_all.udeb
 84a5824c6115fe3465cc55565e06798d 119500 admin extra user-setup_1.15_all.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGhJFq1OXtrMAUPS0RAiSyAJ4wytxFA9CVTxb+wi+EklyoWkXu0ACggmZp
Fk53SGOteR0aeB3CROAMO9g=
=Qh9/
-----END PGP SIGNATURE-----

--- End Message ---