Your message dated Sun, 2 Mar 2014 15:03:35 +0100 with message-id <20140302140335.GA6078@mraw.org> and subject line Re: Bug#575309: Time to stop adding the first created user to "useful" groups? has caused the Debian Bug report #575309, regarding user-setup: Should stop adding first user to device access groups to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 575309: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575309 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: user-setup: Should stop adding first user to device access groups
- From: Petter Reinholdtsen <pere@hungry.com>
- Date: Wed, 24 Mar 2010 21:23:54 +0100
- Message-id: <2fld3ytlb8l.fsf@login2.uio.no>
Package: user-setup Version: 1.28 Tags: patch In squeeze, the desktop uses consolekit and friends to grant access to devices for the user in front on the screen. This scale a lot better when there is a lot of users in LDAP or NIS that need to get access to the local devices on their own machine, but not the local devices on other peoples machine. The code in user-setup-apply to add the first user to all the groups in passwd/user-default-groups should no longer be needed. I believe it should be dropped for Squeeze, or at least the default groups used should be trimmed down to nothing. Here is a patch to remove the code. Index: user-setup-apply =================================================================== --- user-setup-apply (revision 58013) +++ user-setup-apply (working copy) @@ -125,13 +125,6 @@ $log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true fi - if [ -n "$USER" ]; then - db_get passwd/user-default-groups - for group in $RET; do - $log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true - done - fi - db_get passwd/root-login if [ "$RET" = false ] && [ -n "$USER" ]; then # Ensure sudo is installed, and set up the user to be able Index: debian/user-setup-udeb.templates =================================================================== --- debian/user-setup-udeb.templates (revision 58013) +++ debian/user-setup-udeb.templates (working copy) @@ -16,12 +16,6 @@ Type: string Description: for internal use only -# Allow preseeding the groups to which the first created user is added -Template: passwd/user-default-groups -Type: string -Default: audio cdrom dialout floppy video plugdev netdev powerdev scanner -Description: for internal use only - Template: passwd/root-login Type: boolean Default: true Happy hacking, -- Petter Reinholdtsen
--- End Message ---
--- Begin Message ---
- To: 575309-done@bugs.debian.org
- Subject: Re: Bug#575309: Time to stop adding the first created user to "useful" groups?
- From: Cyril Brulebois <kibi@debian.org>
- Date: Sun, 2 Mar 2014 15:03:35 +0100
- Message-id: <20140302140335.GA6078@mraw.org>
- In-reply-to: <20101117193553.GJ3765@mykerinos.kheops.frmug.org>
- References: <20101117193553.GJ3765@mykerinos.kheops.frmug.org>
Christian PERRIER <bubulle@debian.org> (2010-11-17): > This issues was brought again to my attention on IRC. > > I'm tempted to accept such a change (though this is really late > now....). I don't really buy the argument of what could happen on a > "server" without consolekit: who really cares to have the first > created user have access to audio, or other hardware on a server? > > Joey raised a few objections: > > a. passwd/user-default-groups is a documented preseed variable, > so it probably needs to remain available for preseeders to use, and > the documentation will need to be updated. > > b. I'm missing the list of exactly what groups consolekit puts the > console user in, so I can't tell if we have additional groups in our consolekit is no longer maintained, so I think keeping the current status quo for now is OK. Maybe we'll revisit things if switching to systemd on linux changes a few things. But then a fresh bug report with all relevant info would be nicer than piling up stuff here. Mraw, KiBi.Attachment: signature.asc
Description: Digital signature
--- End Message ---