Re: [adduser] default group for 'dynamically allocated system users'

[Marc Haber <mh+debian-devel@zugschlus.de>]

On Wed, 06 Jul 2022 15:21:03 -0400, Matt Barry <matt@hazelmollusk.org>
wrote:
>On Mon, 2022-07-04 at 09:12 +0200, Marc Haber wrote:
>> adduser has been putting newly created 'dynamically allocated system
>> users' (adduser --system) into the nogroup group. It is also
>> documented to do so. There is an ancient bug report complaining about
>> this, and I think this is a valid complaint. However,
>> /usr/share/doc/base-passwd/users-and-groups.txt.gz says that no files
>> should ever be owned by nogroup, making adduser do the right thing in
>> its current state.
>> 
>> Can you come up with a better default for users created with adduser
>> --system without requesting a dedicated group?
>
>One idea worth considering, imho, is what the reporter [0] suggests:
>make --group the default for --system.

I don't like that idea at all, it'll introduce an avalanche of new
groups. That should be in the responsibility of the individual package
maintainer.

>Sysadmin hat, I can think of situations
>where having a dedicated service group is useful (eg. giving r/o access
>to logs).

We do have the adm group for that.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834