users-admin profiles default to force [GU]ID, home dir, shell and groups to adduser
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-system-tools (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
Binary package hint: gnome-system-tools
splitting this from #488158
> We implement user profiles in users-admin. Those allow the distribution/admin
> to present users with typical account types, which set sensible default values
> for home dir, shell, groups membership (esp. admin)
Nothing wrong with those, because adduser is used and say EXTRA_GROUPS defined in /etc/adduser.conf will be honored, right.
> and UID.
With this however I believe that any tool should *default to* leave the assignment of numerical IDs to be the responsibility of the system (it's part of the stuff that gets tweaked centrally in /etc/login.defs and /etc/adduser.conf)
>It's kind of silly we implement [user profiles] on the GUI side, but as we can't
> be sure the distribution supports this kind of feature (and none does ATM)
Its probably ok if profiles are not supported otherwise and its easier then submitting a patch.
>All I can do for now is have a look at the profiles handling code so that when
> no profiles are set, we don't specify any UID, and the backends leave adduser
> decide for us. Not very hard, but our protocol does not support it ATM.
Great. And its probably all that would be needed. Together with removing the settings that override system defaults from the shipped profiles. (i.e. have empty uid-min=, uid-max=, home-prefix= and shell= lines ; since those should have sensible system defaults)
(OT: Of course a patch to useradd -D or adduser to support different profiles would still be great, too. Single profile definition and configuration code is available in adduser.local. The doc is on any debian/ubuntu system file://
Maybe I should precise that [GU]ID ranges set in /etc/adduser.conf are still honored, it's only that users-admin chooses the ID itself in that range. So no real problem in that regard. We should just allow profiles not to be used if wanted.
(About "services" form adduser.local.conf, they don't seem to fit our needs because they are not considered as alternative account types, and don't include the settings we need. See file:// etc/gnome- system- tools/users/ profiles. )