Re: User group "users"

[Toni Mas Soler]

Please, note that's my own criteria.
- Each new user must have their own group to prevent security issues.
- Most of users are per-app users, following (more or less Android methods). So 
only real (login) users are added manually in the GID=100. Thus they can share 
what they want only who then want with no acl complexity.

Toni Mas
GPG 3F42A21D84D7E950

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐

El divendres, 21 de gener 2022 a les 18:51, Thomas Hochstein  va 
escriure:

> Roberto C. Sánchez schrieb:
> 

> > > > New users have gid 100 set as their primary group by default. So, new
> > > > 

> > > > users are members of the group without having to be added to the group
> > > > 

> > > > in /etc/groups.
> 

> That depends on your configuration.
> 

> | # /etc/adduser.conf: `adduser' configuration. | # See adduser(8) and 
> adduser.conf(5) for full documentation. [...] | # The USERGROUPS variable can 
> be either "yes" or "no". If "yes" each | # created user will be given their 
> own group to use as a default. If | # "no", each created user will be placed 
> in the group whose gid is | # USERS_GID (see below). | USERGROUPS=yes | | # 
> If USERGROUPS is "no", then USERS_GID should be the GID of the group | #` 
> users' (or the equivalent group) on your system.
> 

> | USERS_GID=100
> 

> > Quite right. It seems that I probably made that change a very long time
> > 

> > ago, long enough ago so that it just seemed like the standard
> > 

> > configuration to me.
> 

> > From https://wiki.debian.org/UserPrivateGroups:
> 

> | Debian has been using (creating) user private groups by default almost
> 

> | from the beginning. However, UPGs where not fully enabled on newly
> 

> | installed systems since release 2.2., because the central umask
> 

> | adjustment for UPGs, as configured in /etc/login.defs, was broken with
> 

> | the inclusion of PAM. This feature was only reintroduced with
> 

> | libpam-umask in release 6.0 (Squeeze).
> 

> -thh

signature.asc
Description: OpenPGP digital signature

Re: User group "users"

[Thomas Hochstein]

Roberto C. Sánchez schrieb:

>>> New users have gid 100 set as their primary group by default.  So, new
>>> users are members of the group without having to be added to the group
>>> in /etc/groups.

That depends on your configuration.

| # /etc/adduser.conf: `adduser' configuration.
| # See adduser(8) and adduser.conf(5) for full documentation.
[...]
| # The USERGROUPS variable can be either "yes" or "no".  If "yes" each
| # created user will be given their own group to use as a default.  If
| # "no", each created user will be placed in the group whose gid is
| # USERS_GID (see below).
| USERGROUPS=yes
| 
| # If USERGROUPS is "no", then USERS_GID should be the GID of the group
| # `users' (or the equivalent group) on your system.
| USERS_GID=100

> Quite right.  It seems that I probably made that change a very long time
> ago, long enough ago so that it just seemed like the standard
> configuration to me.

>From :
|  Debian has been using (creating) user private groups by default almost
|  from the beginning. However, UPGs where not fully enabled on newly
|  installed systems since release 2.2., because the central umask
|  adjustment for UPGs, as configured in /etc/login.defs, was broken with
|  the inclusion of PAM. This feature was only reintroduced with
|  libpam-umask in release 6.0 (Squeeze). 

-thh

Re: User group "users"

[Andrei POPESCU]

On Vi, 21 ian 22, 14:49:09, Steve Keller wrote:
> I see that on my Debian systems there is a user group "users" with GID 100,
> but by default no user gets added to it.  So what is the purpose or reason
> to have it?
> 
> >From old Unix installations I know the group "users" which every user was
> a member of, by default.
 
According to /usr/share/doc/base-passwd/users-and-groups.txt.gz

   users
  While Debian systems use the user-group system by
  default (each user has their own group), some prefer to
  use a more traditional group system. In that system,
  each user is a member of the 'users' group.


It's probably there to "reserve" GID 100 and preserve compatibility with 
other systems using this system.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: User group "users"

[David Wright]

On Fri 21 Jan 2022 at 16:11:13 (+0100), Steve Keller wrote:
> "Roberto C. Sánchez"  wrote:
> 
> > New users have gid 100 set as their primary group by default.  So, new
> > users are members of the group without having to be added to the group
> > in /etc/groups.
> 
> Hmm, at least not on two Debian systems (stretch and bullseye), I have
> running here:
> 
> # cat /etc/debian_version 
> 9.13
> # useradd -c Foo foo
> # id foo
> uid=1021(foo) gid=1021(foo) groups=1021(foo)
> 
> 
> # cat /etc/debian_version 
> 11.2
> # useradd -c Foo foo
> # id foo
> uid=1020(foo) gid=1020(foo) groups=1020(foo)

You're encouraged to use adduser rather than useradd. But in
both cases, what they do is configured with, respectively,
/etc/adduser.conf and /etc/default/useradd, q.v.

Cheers,
David.

Re: User group "users"

[Roberto C . Sánchez]

On Fri, Jan 21, 2022 at 04:08:00PM +0100, Jerome BENOIT wrote:
> 
> 
> On 21/01/2022 15:59, Roberto C. Sánchez wrote:
> > On Fri, Jan 21, 2022 at 02:49:09PM +0100, Steve Keller wrote:
> > > I see that on my Debian systems there is a user group "users" with GID 
> > > 100,
> > > but by default no user gets added to it.  So what is the purpose or reason
> > > to have it?
> > > 
> > > >From old Unix installations I know the group "users" which every user was
> > > a member of, by default.
> > > 
> > New users have gid 100 set as their primary group by default.  So, new
> > users are members of the group without having to be added to the group
> > in /etc/groups.
> 
> This might be specific to your installation.
> Usually users have by default their own group.
> 
Quite right.  It seems that I probably made that change a very long time
ago, long enough ago so that it just seemed like the standard
configuration to me.  Apologies for the misinformation.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: User group "users"

[Steve Keller]

"Roberto C. Sánchez"  wrote:

> New users have gid 100 set as their primary group by default.  So, new
> users are members of the group without having to be added to the group
> in /etc/groups.

Hmm, at least not on two Debian systems (stretch and bullseye), I have
running here:

# cat /etc/debian_version 
9.13
# useradd -c Foo foo
# id foo
uid=1021(foo) gid=1021(foo) groups=1021(foo)


# cat /etc/debian_version 
11.2
# useradd -c Foo foo
# id foo
uid=1020(foo) gid=1020(foo) groups=1020(foo)


Steve

Re: User group "users"

[Jerome BENOIT]

On 21/01/2022 15:59, Roberto C. Sánchez wrote:

On Fri, Jan 21, 2022 at 02:49:09PM +0100, Steve Keller wrote:

I see that on my Debian systems there is a user group "users" with GID 100,
but by default no user gets added to it.  So what is the purpose or reason
to have it?

>From old Unix installations I know the group "users" which every user was
a member of, by default.


New users have gid 100 set as their primary group by default.  So, new
users are members of the group without having to be added to the group
in /etc/groups.


This might be specific to your installation.
Usually users have by default their own group.

Cheers,
Jerome




Regards,

-Roberto

Re: User group "users"

[Roberto C . Sánchez]

On Fri, Jan 21, 2022 at 02:49:09PM +0100, Steve Keller wrote:
> I see that on my Debian systems there is a user group "users" with GID 100,
> but by default no user gets added to it.  So what is the purpose or reason
> to have it?
> 
> >From old Unix installations I know the group "users" which every user was
> a member of, by default.
> 
New users have gid 100 set as their primary group by default.  So, new
users are members of the group without having to be added to the group
in /etc/groups.

Regards,

-Roberto

-- 
Roberto C. Sánchez

User group "users"

[Steve Keller]

I see that on my Debian systems there is a user group "users" with GID 100,
but by default no user gets added to it.  So what is the purpose or reason
to have it?

>From old Unix installations I know the group "users" which every user was
a member of, by default.

Steve