Hello Richard and thanks for this bug report. You are right: the samba.postinst script adds all the users in the 'admin' group to the 'sambashare' group:
for USER in `getent group admin | cut -f4 -d:`; do
adduser "$USER" sambashare \
|| ! getent passwd "$USER" >/dev/null
done
The interesting thing is that I had a look in some Ubuntu systems I have access to and there's no 'admin' group at all. I think the 'admin' group is a legacy thing: the Ubuntu 12.04 release notes [1] report that:
Up until Ubuntu 11.10, administrator access using the
sudo tool was granted via the "admin" Unix group. In
Ubuntu 12.04, administrator access will be granted
via the "sudo" group.
So in the older Ubuntu releases the 'admin' did always exist as a local group.
The obvious fix here is to have the postinst script add users from the 'sudo' group instead, however I'm not sure I really like this idea. We'll again hardcode a group name in the postinst, and as apparently nobody noticed that the "auto-add admin/sudo users to sambashare" mechanism was broken in all these years, maybe it's not really worth having it in the first place.
Not having it will also make Ubuntu's samba behave like Debian in this respect. Note however that the postinst snippet is present in the Debian package (not a delta), so we should really try to land the fix in Debian, as it would be awkward to have an Ubuntu delta that fixes Ubuntu specific code.
Hello Richard and thanks for this bug report. You are right: the samba.postinst script adds all the users in the 'admin' group to the 'sambashare' group:
for USER in `getent group admin | cut -f4 -d:`; do
adduser "$USER" sambashare \
|| ! getent passwd "$USER" >/dev/null
done
The interesting thing is that I had a look in some Ubuntu systems I have access to and there's no 'admin' group at all. I think the 'admin' group is a legacy thing: the Ubuntu 12.04 release notes [1] report that:
Up until Ubuntu 11.10, administrator access using the
sudo tool was granted via the "admin" Unix group. In
Ubuntu 12.04, administrator access will be granted
via the "sudo" group.
So in the older Ubuntu releases the 'admin' did always exist as a local group.
The obvious fix here is to have the postinst script add users from the 'sudo' group instead, however I'm not sure I really like this idea. We'll again hardcode a group name in the postinst, and as apparently nobody noticed that the "auto-add admin/sudo users to sambashare" mechanism was broken in all these years, maybe it's not really worth having it in the first place.
Not having it will also make Ubuntu's samba behave like Debian in this respect. Note however that the postinst snippet is present in the Debian package (not a delta), so we should really try to land the fix in Debian, as it would be awkward to have an Ubuntu delta that fixes Ubuntu specific code.
This is worth some more discussion.
[1] https:/ /wiki.ubuntu. com/PrecisePang olin/ReleaseNot es/UbuntuDeskto p#PrecisePangol in.2FReleaseNot es.2FCommonInfr astructure. Common_ Infrastructure