users are not added to "users" group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adduser (Ubuntu) |
New
|
Wishlist
|
Unassigned | ||
Bug Description
This is broken behavior (bug not wish).
Current behaviour is:
The "users" group exists but is not populated (empty). When setting up a (set group ID) group directory (i.e. /home/group/users) users can not collaborate on files in that directory.
(This was originally broken because gnome-system-tools introduced its own user profiles without using adduser profiles (different config files) and disabling the EXTRA_GROUPS in adduser.conf alltogether instead of leaving the "users" group untouched.)
Changed (repaired) behaviour would be:
Users are added to the "users" group just as well when the default (private) USERGROUP scheme is used, so that group directories for "users" are functional again.
Two solutions exist to have all (regular/login) users to belong to the users group by default again:
1)
Centrally add one line to /etc/security/
*; *; *; Al0000-2400; users
2)
Add all existing users (according to adduser.conf: FIRST_UID / LAST_UID) manually/scripted to the users group and setting EXTRA_GROUPS=
There should be no security risk involved, because no files belonging to the users group are created by default and at the same time users is applied as the primary group to users when (private) USERGROUPS are disabled in /etc/adduser.conf.
The users group is generally used as a group refering to all users, and it makes the user private group scheme work as designed.
(this issue is filed in the context of https:/
No. /etc/security/ group.conf is the wrong place to set this. If we want users to also be added to the 'users' group by default, this should be done by changing the defaults in /etc/adduser.conf, not by using pam_groups.
But I don't see a compelling reason to use this additional group, since nothing else on the system references it. Since this is a rather systemic change, if you think there is a case to be made for adding users to this group, please present that case to the developer community first via the ubuntu- devel-discuss mailing list rather than in a bug report on a particular package.