Bug#575309: marked as done (user-setup: Should stop adding first user to device access groups)

To: Cyril Brulebois <kibi@debian.org>
Subject: Bug#575309: marked as done (user-setup: Should stop adding first user to device access groups)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 02 Mar 2014 14:06:28 +0000
Message-id: <[🔎] handler.575309.D575309.139376901823824.ackdone@bugs.debian.org>
References: <20140302140335.GA6078@mraw.org> <2fld3ytlb8l.fsf@login2.uio.no>

Your message dated Sun, 2 Mar 2014 15:03:35 +0100
with message-id <20140302140335.GA6078@mraw.org>
and subject line Re: Bug#575309: Time to stop adding the first created user to "useful" groups?
has caused the Debian Bug report #575309,
regarding user-setup: Should stop adding first user to device access groups
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
575309: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575309
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: user-setup: Should stop adding first user to device access groups
From: Petter Reinholdtsen <pere@hungry.com>
Date: Wed, 24 Mar 2010 21:23:54 +0100
Message-id: <2fld3ytlb8l.fsf@login2.uio.no>

Package: user-setup
Version: 1.28
Tags:    patch

In squeeze, the desktop uses consolekit and friends to grant access to
devices for the user in front on the screen.  This scale a lot better
when there is a lot of users in LDAP or NIS that need to get access to
the local devices on their own machine, but not the local devices on
other peoples machine.

The code in user-setup-apply to add the first user to all the groups
in passwd/user-default-groups should no longer be needed.  I believe
it should be dropped for Squeeze, or at least the default groups used
should be trimmed down to nothing.

Here is a patch to remove the code.

Index: user-setup-apply
===================================================================
--- user-setup-apply    (revision 58013)
+++ user-setup-apply    (working copy)
@@ -125,13 +125,6 @@
                $log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
        fi

-       if [ -n "$USER" ]; then
-               db_get passwd/user-default-groups
-               for group in $RET; do
-                       $log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
-               done
-       fi
-
        db_get passwd/root-login
        if [ "$RET" = false ] && [ -n "$USER" ]; then
                # Ensure sudo is installed, and set up the user to be able
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates    (revision 58013)
+++ debian/user-setup-udeb.templates    (working copy)
@@ -16,12 +16,6 @@
 Type: string
 Description: for internal use only

-# Allow preseeding the groups to which the first created user is added
-Template: passwd/user-default-groups
-Type: string
-Default: audio cdrom dialout floppy video plugdev netdev powerdev scanner
-Description: for internal use only
-
 Template: passwd/root-login
 Type: boolean
 Default: true

Happy hacking,
-- 
Petter Reinholdtsen

--- End Message ---

--- Begin Message ---

To: 575309-done@bugs.debian.org

Subject: Re: Bug#575309: Time to stop adding the first created user to "useful" groups?

From: Cyril Brulebois <kibi@debian.org>

Date: Sun, 2 Mar 2014 15:03:35 +0100

Message-id: <20140302140335.GA6078@mraw.org>

In-reply-to: <20101117193553.GJ3765@mykerinos.kheops.frmug.org>

References: <20101117193553.GJ3765@mykerinos.kheops.frmug.org>
Christian PERRIER <bubulle@debian.org> (2010-11-17):
> This issues was brought again to my attention on IRC.
> 
> I'm tempted to accept such a change (though this is really late
> now....). I don't really buy the argument of what could happen on a
> "server" without consolekit: who really cares to have the first
> created user have access to audio, or other hardware on a server?
> 
> Joey raised a few objections:
> 
> a. passwd/user-default-groups is a documented preseed variable,
>    so it probably needs to remain available for preseeders to use, and
>    the documentation will need to be updated.
> 
> b. I'm missing the list of exactly what groups consolekit puts the
>    console user in, so I can't tell if we have additional groups in our

consolekit is no longer maintained, so I think keeping the current
status quo for now is OK. Maybe we'll revisit things if switching to
systemd on linux changes a few things. But then a fresh bug report with
all relevant info would be nicer than piling up stuff here.

Mraw,
KiBi.
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

Prev by Date: Processed: Remove free-form versions from found lists
Next by Date: Bug#637453: marked as done (lower priority of root's password, use sudo in standard install)
Previous by thread: Processed: Remove free-form versions from found lists
Next by thread: Bug#637453: marked as done (lower priority of root's password, use sudo in standard install)
Index(es):
- Date
- Thread