Debian Bug report logs - #643559
adduser with personal groups should make home directory g+s

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ijackson@chiark.greenend.org.uk>

To: submit@bugs.debian.org

Subject: adduser with personal groups should make home directory g+s

Date: Tue, 27 Sep 2011 15:27:44 +0100

Package: adduser
Version: 3.112+nmu2

Personal groups are the default on Debian.  The purpose of personal
groups is to allow users to run with a umask of 002 so that they can
sensibly access shared filespace areas whose access is controlled by
group.

This only works if the shared filespace areas remain owned by the
relevant group.  This is best achieved by setting the g+s bit on all
directories which are part of shared filespace areas.  This both
ensures the right ownership of newly created files and directories,
and propagates the g+s bit to subdirectories.

With personal groups, the user's home directory is owned by their
personal group so the g+s bit has no effect in that case, other than
(a) to ensure that all the subdirectories they create are also g+s
(b) to ensure that files they create in their filespace become owned
by their personal group regardness of their process's primary group.

If the user wants to make a shared filespace area, the natural
approach would be:
   chgrp -R shared-group directory

If the directories in question are not g+s, this is not sufficient; a
rune to turn on g+s for the relevant directories is needed.  If the
home directory areas were g+s this would not be necessary.

So in the default (personal groups) configuration, home directories
should be g+s.

Ian.

Message #10 received at 643559@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Ian Jackson <ijackson@chiark.greenend.org.uk>, 643559@bugs.debian.org, 643559-submitter@bugs.debian.org

Subject: Re: Bug#643559: adduser with personal groups should make home directory g+s

Date: Wed, 23 Nov 2011 11:14:33 +0100

severity #643559 wishlist
thanks

On Tue, Sep 27, 2011 at 03:27:44PM +0100, Ian Jackson wrote:
> So in the default (personal groups) configuration, home directories
> should be g+s.

This can be locally configured via the DIR_MODE setting in
adduser.conf. I don't think it would be a good idea to change the
default.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Message #20 received at 643559@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ijackson@chiark.greenend.org.uk>

To: Marc Haber <mh+debian-packages@zugschlus.de>

Cc: 643559@bugs.debian.org

Subject: Re: Bug#643559: adduser with personal groups should make home directory g+s

Date: Wed, 23 Nov 2011 14:29:20 +0000

Thanks for your reply.

Marc Haber writes ("Re: Bug#643559: adduser with personal groups should make home directory g+s"):
> This can be locally configured via the DIR_MODE setting in
> adduser.conf. I don't think it would be a good idea to change the
> default.

May I ask why not ?  I thought I had provided a clear enough
explanation of the reasoning, and the change is otherwise harmless,
but I'd be happy to go into it further.

Thanks,
Ian.

Message #25 received at 643559@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ijackson@chiark.greenend.org.uk>

To: Marc Haber <mh+debian-packages@zugschlus.de>, 643559@bugs.debian.org

Subject: Re: Bug#643559: adduser with personal groups should make home directory g+s

Date: Wed, 23 Nov 2011 16:06:11 +0000

I wrote:
> May I ask why not ?  I thought I had provided a clear enough
> explanation of the reasoning, and the change is otherwise harmless,
> but I'd be happy to go into it further.

Looking into this further, I found this in adduser.conf:

  # If SETGID_HOME is "yes" home directories for users with their own
  # group the setgid bit will be set. This was the default for
  # versions << 3.13 of adduser. Because it has some bad side effects we
  # no longer do this per default. If you want it nevertheless you can
  # still set it here.
  SETGID_HOME=no

So my first observation is actually that I'm asking for SETGID_HOME's
default to be changed to "yes".

The second is that there is this rather fuddish comment about "some
bad side effects".  I did web search to try to find out what those bad
side effects might be, and I found this:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=64806

Those "bad side-effects", if they were ever relevant and important
enough to make personal groups not work properly, have now been fixed.
I have been developing Debian packages on systems with g+s home
directories since around 1993.

Debian's adduser did the right thing by default from 1997 to 2000.
I'd like it to do the right thing again.

Ian.

Message #30 received at 643559-submitter@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: 643559-submitter@bugs.debian.org

Subject: Bug#643559 marked as pending in adduser

Date: Thu, 30 Jun 2022 14:47:45 +0000

Control: tag -1 pending

Hello,

Bug #643559 in adduser reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/adduser/-/commit/c8606d53d007cea5da1709928ea36aaf8a68bbc1

------------------------------------------------------------------------
Deprecate SETGID_HOME.

Add NEWS/TODO items.

Closes: #643559
Closes: #979385
Closes: #1008091
Closes: #643559
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/643559

Message #33 received at 643559-submitter@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: 643559-submitter@bugs.debian.org

Subject: Bug#643559 marked as pending in adduser

Date: Thu, 30 Jun 2022 14:47:46 +0000

Control: tag -1 pending

Hello,

Bug #643559 in adduser reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/adduser/-/commit/c8606d53d007cea5da1709928ea36aaf8a68bbc1

------------------------------------------------------------------------
Deprecate SETGID_HOME.

Add NEWS/TODO items.

Closes: #643559
Closes: #979385
Closes: #1008091
Closes: #643559
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/643559

Message #38 received at 643559-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 643559-close@bugs.debian.org

Subject: Bug#643559: fixed in adduser 3.122

Date: Wed, 13 Jul 2022 19:03:47 +0000

Source: adduser
Source-Version: 3.122
Done: Marc Haber <mh+debian-packages@zugschlus.de>

We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643559@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Jul 2022 20:30:00 +0200
Source: adduser
Architecture: source
Version: 3.122
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <adduser@packages.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Closes: 202943 239825 398793 432562 520037 521883 588872 643559 664869 675804 679746 685532 701110 723572 774046 849265 874560 891748 896916 908997 920739 923059 925511 926262 969217 977678 979385 983405 992163 1001863 1006897 1006941 1006975 1007785 1008081 1008091 1014395 1014448
Changes:
 adduser (3.122) unstable; urgency=low
 .
   [ Marc Haber ]
   * improve package description.
   * Standards-Version: 4.6.1 (no changes necessary)
   * clean out EXTRA_GROUPS to only contain users.
     Thanks to Daniel Keast. (Closes: #849265)
   * add SECURITY section to manual pages.
   * add test for backups of home directory.
   * improve and update lintian overrides.
   * Formatting changes to manual pages.
     Thanks to Markus Hiereth. (Closes: #874560)
   * fix some typos in manual pages.
   * set VERBOSE and DEBUG envvars in deluser as well. (Closes: #1006897)
   * add documentation about adduser being a policy layer. (Closes: #1007785)
   * try to clarify system account terminology (policy vs system).
     (Closes: #1006975)
   * Document that only adduser --system is idempotent. (Closes: #723572)
   * error out for two-argument addgroup.
     Thanks to Mike Dornberger. (Closes: #664869)
   * make --add_extra_groups into --add-extra-groups. (Closes: #1014395)
   * --force-badname is now --allow-badname. (Closes: #1014448)
   * update turkish debconf translation.
     Thanks to Atila KOÇ. (Closes: #908997)
   * Update Russian debconf translation.
     Thanks to Lev Lamberov. (Closes: #920739)
   * Update Danish debconf translation (Closes: #923059)
   * Update Italian debconf translation.
     Thanks to Luca Monducci. (Closes: #969217)
   * Update German man page translation.
     Thanks to Helge Kreutzmann. (Closes: #977678)
   * Update European Portuguese translation of man page.
     Thanks to Américo Monteiro. (Closes: #925511)
   * disable translated manpages, none left for the time being.
   * deprecate planned directory service support.
   * Add docs about adduser.local being the place to interact with DS,
   * Some improvements to autopkgtests.
 .
   [ Matt Barry ]
   * System account home dir defaults to /nonexistent. (Closes: #679746)
   * do not accept all-numeric user names. (Closes: #891748)
   * prompts need y/n/empty(default).
   * Implement SYS_DIR_MODE. (Closes: #1008081, #202943, #398793)
   * Implement SYS_NAME_REGEX. (Closes: #521883, #432562)
   * Deprecate SETGID_HOME.
     Add NEWS/TODO items. (Closes: #643559, #979385, #1008091, #643559)
   * Fix ignored files for --remove-all-files.
     (Closes: #1001863, #588872, #926262, #992163)
   * Redefines the default NO_DEL_PATHS to avoid unnecessary
     scanning.
   * Change deluser_files test to use gzip.
   * Fix deletion of sockets/pipes. (Closes: #685532)
   * Simplify checkname sub.  (Closes: #1006941)
   * Adds support for lock files. (Closes: #983405)
   * Username validity testing framework.
   * Add --allow-all-names to bypass --force-badname.
     (Closes: #520037, #774046)
   * use warnf instead of printf in some places. (Closes: #675804)
   * Support tar --auto-compress for backups. (Closes: #896916)
   * Many improvements to autopkgtests. (Closes: 239825)
 .
   [ Jason Franklin ]
   * Allow for cloned-UID users in group member lists.
     Thanks to Daniel Heimann. (Closes: #701110)
Checksums-Sha1:
 5cbcec9f80e5c73198307edb7040c5c12bb35d3f 1683 adduser_3.122.dsc
 ccf7c4e3efec29257e3b484bb53c2a55d69e0455 230224 adduser_3.122.tar.xz
 27c0ec7f2d7048ddfd7f89dc33012bef7a8e5866 5697 adduser_3.122_source.buildinfo
Checksums-Sha256:
 584ed616d8ac705daffc96564ef45fb34f2eb9663f7348013adea0e4539a869c 1683 adduser_3.122.dsc
 5f093054c0f0c90c313d704f7af6d338f334df793942fafd43e5a8e6c63236c4 230224 adduser_3.122.tar.xz
 7f92d3de2b5ea8da31088424a2043831dedc8aab8f60158e37455cb3a350d63e 5697 adduser_3.122_source.buildinfo
Files:
 0c7d4c5bcd648b829bcaa58101fecbb7 1683 admin important adduser_3.122.dsc
 1da1b75966877f902c4b6d0d5f105609 230224 admin important adduser_3.122.tar.xz
 ab9602ba5d83a6de88ab29bb2e76d961 5697 admin important adduser_3.122_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmLPEWMACgkQj3cgEwEy
BELCfhAAujNsWZNpvvi2vpDICGMPprz7MooXq5B4fe6fR6nR5Pizh+0E9Skh7NVl
Z5qJvIzcNcva+/TYkml0wO77H1fPefQ+sgxCHmtUTBwK9LZPdh0b6MrWK7hWnhk0
QI/mRMKoNUrMSpVz6suvetUrHvVymWBv/hsQHTt5uSOAB/Wqwbfdt0VFYgQ2i+Yd
Vtr1+U4yjPZ+j9kAFg7HYnVc2Jh8J07ipRrSRnC07AB3wvwcunUiv2fOzJi4S51S
9n/LllsXNS4629siVKDspKOtaak3dpXRPLHFgB+hPlZRhdCCKWoto9TrY1e3XY8N
zZRSYVULaH9OkuIFx6yoUuChhDmteyZ+C0TJlv+qaigf34/qaqF15pu4ee5ZlmuT
SYHI2vcYQ0yXJ92U2U56hYvlzFZufyopWUQkALKwGEzq13LMlMtTJhKypl2PnwzF
jL/n0r0P92kSUd0BAFuzsdp3PPkQoTG9hSTf5BQAXN9JR1dYkIjc95si8KKZ+FD+
Gda+o46EUo3tLgAYGxStxoPsgNb8n2mePrFB5cXERL84uimeVNMg4Hnmt8+cqnYw
jbdDxODIBNsgoCYEqqTe2NOyBQv5gPb0PXYekiHNFRH70sTJDPIjQkrnrYQX73xZ
W5ap2XFEMpqGrFa8VyUwRl15/MAg5Ds0bRi7GzlGPKIKKK8PFFI=
=6vgg
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.