[Bug 1923363] Re: [FFe] Users are not added to the dialout group
Steve Langasek
1923363 at bugs.launchpad.net
Tue Apr 13 19:39:14 UTC 2021
I'm unclear why the default user is part of the dialout group on server
images either. If you look at the history of user-setup, you'll see
that we once (10 years ago) had the default user in dialout, but this
was reverted because it wasn't needed for ppp access (that uses dip) and
users shouldn't have direct access to serial ttys by default. In
particular, if there is a serial console, having access to the tty means
the user may have access to intercept root passwords being sent on the
line.
Do you know where the dialout group is being added by default on
servers, and if there has already been discussion of this issue?
I expect that the GPIO devices are not serial TTYs. Is there a good
reason to use the dialout group for these devices instead of a different
(perhaps new) group?
** Changed in: user-setup (Ubuntu)
Status: New => Incomplete
** Changed in: ubiquity (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to user-setup in Ubuntu.
https://bugs.launchpad.net/bugs/1923363
Title:
[FFe] Users are not added to the dialout group
Status in ubiquity package in Ubuntu:
Incomplete
Status in user-setup package in Ubuntu:
Incomplete
Bug description:
We're attempting to make the GPIO system on the Raspberry Pi images
work "out of the box" on the new image. By default, GPIO kernel
devices are made available to members of the "dialout" group which the
initial user is added to by default on our server images. However,
we've noticed that this isn't the case on the desktop images.
The regression potential is minimal; the group already exists and
we're simply adding the freshly created user to a new group and not
removing any existing memberships. The group in question ("dialout")
is also rarely used these days except for providing access to serial
consoles, and as mentioned above is already a default membership on
the server images. The change has been tested on the desktop image
successfully.
A test build of the updated image will be made under
https://launchpad.net/~waveform/+archive/ubuntu/ubiquity and I'll
attach a debdiff shortly.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1923363/+subscriptions
More information about the foundations-bugs
mailing list