--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: user-setup: Should allow preseeding to avoid adding initial user into local device groups
- From: Petter Reinholdtsen <pere@hungry.com>
- Date: Mon, 28 May 2007 23:33:44 +0200
- Message-id: <2flirachbuv.fsf@saruman.uio.no>
Package: user-setup
Version: 1.11
Severity: wishlist
Tags: patch
In a large installation, it does not scale to add all users to the
groups granting access to local devices on each machine. In such
configurations it is better to assign that access dynamically at
login, using the pam_group and pam_foreground pam modules.
In such setting, it is a bad idea to add the initial user to a lot of
groups, and it would be great if it was possible to preseed away the
group adding normally done in d-i.
In Debian Edu, we use pam_group and pam_foreground to grant access to
single desktop machines (what we call the standalone profile), to make
sure all users are treated the same way even if they are added later
on using adduser. We would also prefer to be able to preseed away the
group adding. I would recommend Debian changed its default to also
use pam_group and pam_foreground to grant access to local devices.
Here is a patch to add a hidden debconf question to disable the group
adding. It is untested, but show the proposed change of feature.
Index: user-setup-apply
===================================================================
--- user-setup-apply (revision 47046)
+++ user-setup-apply (working copy)
@@ -125,9 +125,15 @@
fi
if [ -n "$USER" ]; then
- for group in audio cdrom dialout floppy video plugdev netdev powerdev; do
+ db_get passwd/use_pam_group
+ if [ "$RET" = false ] ; then
+ # Grant access to some local devices for initial
+ # user, unless pam_group and pam_forground is used
+ # to grant access to console users.
+ for group in audio cdrom dialout floppy video plugdev netdev powerdev; do
$log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
done
+ fi
fi
db_get passwd/root-login
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates (revision 47046)
+++ debian/user-setup-udeb.templates (working copy)
@@ -16,6 +16,13 @@
Type: string
Description: for internal use only
+# Allow preseeding away the group assignement for the initial user
+# when using pam_group and pam_forground to grant local device access
+Template: passwd/use_pam_group
+Type: boolean
+Default: false
+Description: for internal use only
+
Template: passwd/root-login
Type: boolean
Default: true
--- End Message ---
--- Begin Message ---
Source: user-setup
Source-Version: 1.15
We believe that the bug you reported is fixed in the latest version of
user-setup, which is due to be installed in the Debian FTP archive:
user-setup-udeb_1.15_all.udeb
to pool/main/u/user-setup/user-setup-udeb_1.15_all.udeb
user-setup_1.15.dsc
to pool/main/u/user-setup/user-setup_1.15.dsc
user-setup_1.15.tar.gz
to pool/main/u/user-setup/user-setup_1.15.tar.gz
user-setup_1.15_all.deb
to pool/main/u/user-setup/user-setup_1.15_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 426452@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated user-setup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 29 Jun 2007 06:33:38 +0200
Source: user-setup
Binary: user-setup user-setup-udeb
Architecture: source all
Version: 1.15
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description:
user-setup - Set up initial user and password
user-setup-udeb - Set up users and passwords (udeb)
Closes: 426452
Changes:
user-setup (1.15) unstable; urgency=low
.
[ Otavio Salvador ]
* Add support to control which default groups the initial user will be
added. Preseed it at passwd/user-default-groups. Closes: #426452
Files:
e68a4156ddd37b848179c914f5500c0e 755 debian-installer extra user-setup_1.15.dsc
3b4b9a478cae6193a63fcff961e21c90 117581 debian-installer extra user-setup_1.15.tar.gz
a375be4ae3326e39b13c2259f9fe2d33 113478 debian-installer standard user-setup-udeb_1.15_all.udeb
84a5824c6115fe3465cc55565e06798d 119500 admin extra user-setup_1.15_all.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGhJFq1OXtrMAUPS0RAiSyAJ4wytxFA9CVTxb+wi+EklyoWkXu0ACggmZp
Fk53SGOteR0aeB3CROAMO9g=
=Qh9/
-----END PGP SIGNATURE-----
--- End Message ---