<div dir="ltr">Hi,<div>In certain cases package installations will have to set up new groups, mostly for access management.</div><div><br></div><div>Examples are:</div><div>- libvirt to access <span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">/var/run/libvirt/libvirt-sock</span><br></span></div><div>- lxd to access <span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">/var/lib/lxd/unix.socket</span><br></span></div><div>- ... also sometimes accessing files, but you get the pattern</div><div><br></div><div>Since logins stay as-is in regard to groups, users have to re-login to pick up those permissions and be able to use the tools.</div><div>That is often mitigated by:</div><div>- package being preinstalled, so no one realizes the issue</div><div>- people deploy a system + set up a recipe automatically and only then log in</div><div><br></div><div>But then there are certain cases which just "feel" bad - a.k.a: "why can't it just work after being installed".</div><div>Yes a user can easily open a new terminal or kick su/newgrp/... manually !IF! they know what to do.</div><div>The next thing that comes to mind is echoing something on install, but who reads those messages - not worth the effort IMHO.</div><div>Finally none of these commonly discussed options [1][2][3] will be appropriate to be run from a maintainer-script IMHO.</div><div>Nor would they fixup the Graphical UI that represents a login as well.</div><div><br><div>Please get me right, I have every now and then seen issues of "this kind" and they are often not a big deal - so triage all of those ->wishlist and ignore them, not really.</div><div>But I find it annoying since we spent so much to make Ubuntu easy to consume and having such rough edges left.</div><div><br></div><div>I was wondering if there is a common pattern to resolve this that might just be unknown to me yet and that I could use in packaging.</div><div>OTOH I can already feel the security concerns and bad side effects of "global group membership refreshes"</div><div>And if there would be a common pattern that really works well - we should probably think of a single dh_group_refresh or something like it instead of per package fixes.</div><div><div><br></div><div>I'm afraid there is no such mechanism, but wanted at least to ask instead of giving up prematurely.</div><div><br></div><div><span style="color:rgb(51,51,51);font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">[1]:<span> </span></span><a rel="nofollow" href="https://superuser.com/questions/272061/reload-a-linux-users-group-assignments-without-logging-out" style="color:rgb(0,51,170);text-decoration:none;font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255)">https://superuser.com/questions/272061/reload-a-linux-users-group-assignments-without-logging-out</a><br style="color:rgb(51,51,51);font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(51,51,51);font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">[2]:<span> </span></span><a rel="nofollow" href="https://serverfault.com/questions/74934/refresh-supplementary-group-memberships-without-logging-in-again" style="color:rgb(0,51,170);text-decoration:none;font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255)">https://serverfault.com/questions/74934/refresh-supplementary-group-memberships-without-logging-in-again</a><br style="color:rgb(51,51,51);font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(51,51,51);font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">[3]:<span> </span></span><a rel="nofollow" href="https://unix.stackexchange.com/questions/18796/how-to-apply-changes-of-newly-added-user-groups-without-needing-to-reboot" style="color:rgb(0,51,170);text-decoration:none;font-family:monospace;font-size:12px;text-align:left;background-color:rgb(255,255,255)">https://unix.stackexchange.com/questions/18796/how-to-apply-changes-of-newly-added-user-groups-without-needing-to-reboot</a></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(136,136,136);font-size:12.8px">Christian Ehrhardt</span><div style="color:rgb(136,136,136);font-size:12.8px">Software Engineer, Ubuntu Server</div><div style="color:rgb(136,136,136);font-size:12.8px">Canonical Ltd</div></div></div></div></div></div></div></div>