[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#575309: user-setup: Should stop adding first user to device access groups

Frans Pop wrote:
> I disagree with this proposed change. IMO the default group assignments are 
> in line with the purpose of the first user account.

I have three reasons to feel otherwise:

1. IIRC, the reason for adding the initial user to groups has been to provide
   a good desktop experience. See bugs #352713, #166718.
   So worrying about the first account not having hardware access when not
   at the desktop seems like scope creep.

2. Having a non-console user in groups audio and video is a straight-up
   security exposure. Anything that can be done to close that hole
   is helpful. (I don't know what the status of revoking group
   membership on logout is, but even without that, some avenues of
   exploitation are pretty well closed by not having the first user in
   the groups statically.)

3. As a matter of principle, I feel there should be nothing special
   about the first user account. We'd had to bend principle for groups
   and /etc/sudoers, but these were imperfect hacks that suffered
   from usability problems when eg, adding a second user, or upgrading
   to a new version of Debian.

Now, two issues with the patch:

a. passwd/user-default-groups is a documented preseed variable,
   so it probably needs to remain available for preseeders to use, and
   the documentation will need to be updated.

b. I'm missing the list of exactly what groups consolekit puts the
   console user in, so I can't tell if we have additional groups in our

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: