Comment 2 for bug 1942195

Hello Richard and thanks for this bug report. You are right: the samba.postinst script adds all the users in the 'admin' group to the 'sambashare' group:

for USER in `getent group admin | cut -f4 -d:`; do
    adduser "$USER" sambashare \
    || ! getent passwd "$USER" >/dev/null
done

The interesting thing is that I had a look in some Ubuntu systems I have access to and there's no 'admin' group at all. I think the 'admin' group is a legacy thing: the Ubuntu 12.04 release notes [1] report that:

    Up until Ubuntu 11.10, administrator access using the
    sudo tool was granted via the "admin" Unix group. In
    Ubuntu 12.04, administrator access will be granted
    via the "sudo" group.

So in the older Ubuntu releases the 'admin' did always exist as a local group.

The obvious fix here is to have the postinst script add users from the 'sudo' group instead, however I'm not sure I really like this idea. We'll again hardcode a group name in the postinst, and as apparently nobody noticed that the "auto-add admin/sudo users to sambashare" mechanism was broken in all these years, maybe it's not really worth having it in the first place.

Not having it will also make Ubuntu's samba behave like Debian in this respect. Note however that the postinst snippet is present in the Debian package (not a delta), so we should really try to land the fix in Debian, as it would be awkward to have an Ubuntu delta that fixes Ubuntu specific code.

This is worth some more discussion.

[1] https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes/UbuntuDesktop#PrecisePangolin.2FReleaseNotes.2FCommonInfrastructure.Common_Infrastructure