New group for local users (WILL BREAK UPGRADES without manual intervention!)

Martin Pitt martin at piware.de
Wed Sep 1 05:05:39 CDT 2004 

Hi!

On 2004-09-01 11:55 +0200, Fabio Massimo Di Nitto wrote:
> > If you install new Ubuntu versions from scratch, you will not have to
> > do anything. However, if you are upgrading from an older Warty, then
> > the already existing user(s) will not be put into plugdev
> > automatically, so you have to do this by hand:
> >
> > # addgroup --system plugdev
> > # adduser <yourusername> plugdev
> 
> Can't we check if the group is there and take appropriate actions? This
> will break all upgrades from Debian to us. 

I'm aware of that and I already discussed that with Matt. The current
"solution" is to put this into the release notes since it does not
directly break upgrades, but the usage afterwards (I just exaggerated
the subject a little to get some attention).

> The admin should also be informed of these changes (only on
> upgrades) and perhaps (really a wishlist here) ask for the default
> user to add to that group.

One possibility is to have the new mount/pmount packages display a
high-priority debconf note if the group is not present. But I think
somebody will shoot me if I did that. Alternatively, this change could
be mailed to root at localhost, but I'm not sure whether the admin really
reads this.

Maybe the least intrusive change would be to check if the group is
present, and if _not_, leave mount/pmount to unrestricted access. This
way, new installations will benefit from the added security
restrictions and Woody/older Warty upgrades go smoothly. As soon as
the admin does the manual modifications, the next mount/pmount update will
tighten the permissions.

libgphoto can probably be handled in README.Debian, it will just not
work if the group is not present.

Any comments to that?

Martin

-- 
Martin Pitt                 Debian GNU/Linux Developer
martin at piware.de                      mpitt at debian.org
http://www.piware.de             http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ubuntu.com/archives/sounder/attachments/20040901/36d49a60/attachment.pgp

More information about the sounder mailing list