Bug in adduser?
 

Hi,

I just noticed a strange bug in the interactive adduser script. Normally there's a functionality to add a user to several additional groups (like lp, floppy, audio, video, cdrom, etc.) by hitting the UP key at one point. And this is what I usually do.

I'm currently writing the chapter about user and group management for my new Linux book, so I'm running a few tests on a vanilla Slackware 14.1 installation. And I just noticed that not hitting the up key for adding the user to additional groups... adds him to these anyway. What I'd expect after adding a user by simply hitting ENTER at the additional groups question would be to only see him or her in the users group. Instead, the user gets added to users, lp, floppy, audio, video, cdrom and scanner (but curiously enough, not plugdev).

Edit: after some more tests, I get some really weird results. I added a user 'kjoly' to a vanilla Slackware system running in a virtual host. I ask adduser not to add this user to any additional groups.

1. When I login as kjoly in init 3, I get this:

2. When I login as root, I get this:

3. When I SSH into that virtual installation as user 'kjoly', I get this:

I have a distinct feeling something is very wrong here.

Edit after some more fiddling. The bug seems to be in the 'groups' command. User kjoly doesn't appear in any additional groups in /etc/group, as expected. But when she issues the 'groups' command, she appears to be a member of lp, floppy, audio, etc.

I added a screenshot so you get an idea of what's happening.

Cheers,

Niki

It's from the CONSOLE_GROUPS setting in /etc/login.defs. That's normal on a vanilla Slackware install. I always comment that out when I do a fresh install.

Actually, I wonder whether we can remove this from adduser now - since I think that those extra groups are relevant for a user sitting at the computer.

If I remember rightly, they only get applied when you login on a tty but not through the local X11 display manager. Because of this, I'd rather see them removed from login.defs than adduser.

Also, I vaguely remember something about dbus not playing well with CONSOLE_GROUPS.

I'd favor not modifying adduser if possible. Just because I'm a bit lazy, adduser (internationalized) is used at the end of the CONFIGURE step in Slint installers and therefore localized (11 locales beyond en_US at time of writing).

We could handle a small change however, preferably on the occasion of a new Slackware release then ;)

I am with GazL and Didier Spaier on this one. It would be better to comment out CONSOLE_GROUPS in /etc/login.defs and leave it to the system administrator to assign groups via adduser when adding a user to the system.

GazL is correct, nothing is wrong with adduser or login.defs. The user logged in at the console gets implicitly added to several groups that are related to the local peripherals. A user logged in through a graphical display manager can do so from anywhere - while sitting at the machine but also from the other end of the world over the network using XDMCP. In the patter case the user needs to be added to these groups explicitly or else he won't be able to control the machine fully. U user who only logs in remotely does not require to be added to the additonal groups since he will never interact with the machine locally.

Therefore, all is as it should be and nothing needs to be changed.

Eric

Hmm. I think I clouded the issue by adding that aside saying that "I comment them out". I wasn't trying to infer that it is incorrect. Sorry about that - should have been clearer.

If they were commented out by default then that'd certainly suit me, as I prefer for users not to receive additional group membership simply because they're logging in on a virtual console, but its just a preference, nothing more, and I'm quite happy to go on changing it locally post-install.