Bug#426452: marked as done (user-setup: Should allow preseeding to avoid adding initial user into local device groups)

Your message dated Sat, 30 Jun 2007 06:17:04 +0000 with message-id <E1I4WGW-0004xO-O3@ries.debian.org> and subject line Bug#426452: fixed in user-setup 1.15 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

attached mail follows:

Package: user-setup
Version: 1.11
Severity: wishlist
Tags: patch

In a large installation, it does not scale to add all users to the groups granting access to local devices on each machine. In such configurations it is better to assign that access dynamically at login, using the pam_group and pam_foreground pam modules.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

In such setting, it is a bad idea to add the initial user to a lot of groups, and it would be great if it was possible to preseed away the group adding normally done in d-i.

In Debian Edu, we use pam_group and pam_foreground to grant access to single desktop machines (what we call the standalone profile), to make sure all users are treated the same way even if they are added later on using adduser. We would also prefer to be able to preseed away the group adding. I would recommend Debian changed its default to also use pam_group and pam_foreground to grant access to local devices.

Here is a patch to add a hidden debconf question to disable the group adding. It is untested, but show the proposed change of feature.

Index: user-setup-apply

• user-setup-apply (revision 47046) +++ user-setup-apply (working copy) @@ -125,9 +125,15 @@ fi

 	if [ -n "$USER" ]; then
-		for group in audio cdrom dialout floppy video plugdev netdev powerdev; do
+		db_get passwd/use_pam_group
+		if [ "$RET" = false ] ; then
+		    # Grant access to some local devices for initial
+		    # user, unless pam_group and pam_forground is used
+		    # to grant access to console users.
+		    for group in audio cdrom dialout floppy video plugdev netdev powerdev; do
 			$log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
 		done
+		fi
 	fi
 
 	db_get passwd/root-login

• debian/user-setup-udeb.templates (revision 47046) +++ debian/user-setup-udeb.templates (working copy) @@ -16,6 +16,13 @@ Type: string Description: for internal use only

+# Allow preseeding away the group assignement for the initial user
+# when using pam_group and pam_forground to grant local device access
+Template: passwd/use_pam_group
+Type: boolean
+Default: false
+Description: for internal use only
+

attached mail follows:

Source: user-setup
Source-Version: 1.15

We believe that the bug you reported is fixed in the latest version of user-setup, which is due to be installed in the Debian FTP archive:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

user-setup-udeb_1.15_all.udeb
  to pool/main/u/user-setup/user-setup-udeb_1.15_all.udeb user-setup_1.15.dsc
  to pool/main/u/user-setup/user-setup_1.15.dsc user-setup_1.15.tar.gz
  to pool/main/u/user-setup/user-setup_1.15.tar.gz user-setup_1.15_all.deb
  to pool/main/u/user-setup/user-setup_1.15_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 426452@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software pp.
Christian Perrier <bubulle@debian.org> (supplier of updated user-setup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 29 Jun 2007 06:33:38 +0200
Source: user-setup
Binary: user-setup user-setup-udeb
Architecture: source all
Version: 1.15
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org> Changed-By: Christian Perrier <bubulle@debian.org> Description:
 user-setup - Set up initial user and password  user-setup-udeb - Set up users and passwords (udeb) Closes: 426452
Changes:
 user-setup (1.15) unstable; urgency=low  .
   [ Otavio Salvador ]

• Add support to control which default groups the initial user will be added. Preseed it at passwd/user-default-groups. Closes: #426452 Files: e68a4156ddd37b848179c914f5500c0e 755 debian-installer extra user-setup_1.15.dsc 3b4b9a478cae6193a63fcff961e21c90 117581 debian-installer extra user-setup_1.15.tar.gz a375be4ae3326e39b13c2259f9fe2d33 113478 debian-installer standard user-setup-udeb_1.15_all.udeb 84a5824c6115fe3465cc55565e06798d 119500 admin extra user-setup_1.15_all.deb Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

iD8DBQFGhJFq1OXtrMAUPS0RAiSyAJ4wytxFA9CVTxb+wi+EklyoWkXu0ACggmZp Fk53SGOteR0aeB3CROAMO9g=
=Qh9/
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-boot-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org