users are not added to "users" group (empty, broken behaviour)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NULL Project |
Fix Released
|
Undecided
|
Unassigned | ||
adduser (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: adduser
Current behaviour is:
The "users" group exists but is not populated (empty). When setting up a (set group ID) group directory (i.e. /home/group/users) users can not collaborate on files in that directory.
(This was originally broken because gnome-system-tools introduced its own user profiles without using adduser profiles (different config files) and disabling the EXTRA_GROUPS in adduser.conf alltogether instead of leaving the "users" group untouched.)
Changed (repaired) behaviour would be:
Users are added to the "users" group just as well when the default (private) USERGROUP scheme is used, so that group directories for "users" are functional again.
Two solutions exist to have all (regular/login) users to belong to the users group by default again:
1)
Centrally add one line to /etc/security/
*; *; *; Al0000-2400; users
2)
Add all existing users (according to adduser.conf: FIRST_UID / LAST_UID) manually/scripted to the users group and setting EXTRA_GROUPS=
There should be no security risk involved, because no files belonging to the users group are created by default and at the same time users is applied as the primary group to users when (private) USERGROUPS are disabled in /etc/adduser.conf.
The users group is generally used as a group refering to all users, and it makes the user private group scheme work as designed.
(this issue is filed in the context of https:/
tags: | added: patch |
Changed in adduser (Ubuntu): | |
status: | Confirmed → Fix Committed |
assignee: | nobody → martincloutier (martincloutier) |
status: | Fix Committed → Fix Released |
Attaching a simple patch that targets adduser. Please consider it for quick inclusion for the next release to stop creating broken user accounts.
* Re-enables EXTRA_GROUPS= "users" .
* Its not proposing a new behavior (change) but re-enables standard (and prior) bahaviour.
* If an admin does not want user wide collaboration (or wants it only with finer grained groups) he does not create directories owned by the users group.
For a complete fix, something like a postinst script would need to add existing users to the users group.