kubuntu userconfig can silently delete group membership, causing loss of privileges

Bug #583430 reported by Tim Holy
Affects: userconfig (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

Binary package hint: userconfig

Changing the "primary group" assigned to a user deletes the membership in the
original group, although the GUI claims otherwise. This bug is quite serious,
because it can effectively lock a user out of his/her own machine: if the
user's original primary group is "admin" and there is no other account on the
system with "admin" privileges (e.g., if a root password has not been defined,
as is common in (K)ubuntu systems), then this bug can easily eliminate all
admin privileges from all accounts on the machine. Thus, there is no way to
administer the system without going into a "rescue" mode.

How to reproduce:
1. Open up a konsole, and type "groups username" where username is the name
of a user on the system.
2. Open K menu->System settings->Advanced tab->User management, supply admin
password.
3. Select the user that you used above, and click "Modify"
4. Change the "Primary group" to something different; don't click "Apply" yet.
5. Click the "Privileges & groups" tab. Verify that the new primary group is
checked, and also note that the old primary group is also checked. Now click
"Apply".
6. Go back to the command line, and type "groups username" again. You will note
that---despite what it said in the check list of group membership in the
GUI---the original primary group has been deleted from the list of groups.
[7. If you don't want to mess up your system: before quitting the GUI, repair
the damage by going back to the "Details" tab and restoring the original
primary group. Check everything on the command line to make sure it's right.]

So if "admin" was the primary group, and one exited the GUI after #6, there
would be no way to restore admin privileges without using another account that
does possess admin privileges or booting into single-user mode.

In my view, the "Change primary group" should only present the user with a list
of the groups to which he/she already belongs (rather than the current "show
all groups") and should just change the ranking of the groups within that list.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: userconfig 0.9.0-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Thu May 20 11:53:34 2010
InstallationMedia: Kubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427)
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: userconfig
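
An added check, not part of the original report or of userconfig's code: it computes each user's effective groups from passwd/group-format text, as `groups username` does in steps 1 and 6, then reports memberships lost by a change and whether the admin group is left with no members. The account `alice`, the GIDs and the function names are constructed for illustration.

```python
"""Added example: audit group membership before/after a primary-group change."""


def effective_groups(passwd_text, group_text):
    """Map each user to the set of group names it belongs to.

    Primary membership comes from the GID field of passwd(5); supplementary
    membership comes from the member list of group(5).
    """
    gid_to_name, members = {}, {}
    for line in group_text.strip().splitlines():
        name, _pw, gid, users = line.split(":")
        gid_to_name[int(gid)] = name
        for user in filter(None, users.split(",")):
            members.setdefault(user, set()).add(name)
    for line in passwd_text.strip().splitlines():
        fields = line.split(":")
        user, gid = fields[0], int(fields[3])
        members.setdefault(user, set()).add(gid_to_name.get(gid, str(gid)))
    return members


def audit_change(before, after, admin_group="admin"):
    """Return (memberships lost per user, True if admin_group has no members)."""
    lost = {}
    for user, groups in before.items():
        missing = groups - after.get(user, set())
        if missing:
            lost[user] = missing
    lockout = not any(admin_group in groups for groups in after.values())
    return lost, lockout


# Constructed sample data: "alice" has "admin" (gid 119) as primary group.
GROUP = "admin:x:119:\nusers:x:100:\ncdrom:x:24:alice\n"
PASSWD_BEFORE = "alice:x:1000:119:Alice:/home/alice:/bin/bash\n"
# After the change described in the report: primary is "users", old primary gone.
PASSWD_AFTER = "alice:x:1000:100:Alice:/home/alice:/bin/bash\n"
# What a membership-preserving change would leave: old primary kept as secondary.
GROUP_KEPT = "admin:x:119:alice\nusers:x:100:\ncdrom:x:24:alice\n"

if __name__ == "__main__":
    before = effective_groups(PASSWD_BEFORE, GROUP)
    print(audit_change(before, effective_groups(PASSWD_AFTER, GROUP)))
    print(audit_change(before, effective_groups(PASSWD_AFTER, GROUP_KEPT)))
```

Run against copies of `/etc/passwd` and `/etc/group` taken before and after an account change, a non-empty first result or a `True` second result means the change should be reverted before the session with admin rights is closed.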

Yuriy Kozlov (yuriy-kozlov) wrote :

Thanks for reporting this.
I think only showing the groups the user is already in (secondary groups + current primary group) makes some sense, but I am not sure.
I'm also not sure if changing the user's primary group should make the old primary a secondary, but as you explained the display implies this and is incorrect. The other option would be to remove the user from the group entirely, and the display should reflect this. Possibly the intention was to make it a secondary group as it shows but there is a bug in actually saving it to the right place.

Changed in userconfig (Ubuntu):
assignee: nobody → Yuriy Kozlov (yuriy-kozlov)
importance: Undecided → High
Tim Holy (holy-wustl) wrote : Re: [Bug 583430] Re: kubuntu userconfig can silently delete group membership, causing loss of privileges

Thanks for following up on this so quickly.

I see your point. However, if the user doesn't check that "Privileges &
groups" tab (carefully), then s/he might not know s/he had been deleted from
the group.

To me personally, the issue of deciding which is primary is largely separate
from the issue of which groups I belong to. But I can see that different people
might conceive of this differently.

Jason Schuh (jschuh11)
Changed in userconfig (Ubuntu):
status: New → Incomplete
Changed in userconfig (Ubuntu):
status: Incomplete → New
Changed in userconfig (Ubuntu):
status: New → Confirmed
Taowa (taowa4-deactivatedaccount) wrote :

I was able to reproduce on a virtualbox VM. So I confirmed it.

Changed in userconfig (Ubuntu):
assignee: Yuriy Kozlov (yuriy-kozlov) → nobody
Michael Koch (mik32120) wrote :

Fixed by commenting out two lines containing "self.userobj.removeFromGroup(origprimarygroup)" in "user_dialogs.py".

Michael Koch (mik32120) wrote :

The fixed version is on my PPA, which can be found here: https://launchpad.net/~mik32120/+archive/ubuntu/userconfig-fixed

Currently, there's only a build for Trusty, but I'll test the package on Precise and upload a package for Precise if it works.

Michael Koch (mik32120) wrote :
Changed in userconfig (Ubuntu):
status: Confirmed → Fix Committed
status: Fix Committed → Fix Released
Tim Holy (holy-wustl) wrote :

Great, thanks Michael!
