** Description changed: - Incorporate upstream commits: + [Impact] - https://github.com/GoogleCloudPlatform/guest- + The google_oslogin_control script included in the google-compute-engine- + oslogin binary package adds every new user to several + unnecessary/unexpected groups. Upstream recommends disabling this + behavior. + + [Test Case] + + Examine the /usr/bin/google_oslogin_control and ensure that the variable + assignment for + + group_conf_entry + + in the modify_group_conf() function does not contain any of the following groups: + + dip, plugdev, adm, docker, lxd + + [Regression Potential] + + Implemented incorrectly, this could break group setup for users on new + gce instances. Users may also have to alter configuration management + tools that expect users to already have access to e.g. the docker or lxd + group by default. + + [References] + + Upstream commits: + + https://github.com/GoogleCloudPlatform/guest- oslogin/commit/50b0fb7b5804c22ef9581e7dc91875801dfa5469 - https://github.com/GoogleCloudPlatform/guest- + https://github.com/GoogleCloudPlatform/guest- oslogin/commit/88f1ba85e20b3b3a07bfad2eeb723a6b06e41fc8
** Also affects: gce-compute-image-packages (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: gce-compute-image-packages (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: gce-compute-image-packages (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: gce-compute-image-packages (Ubuntu Groovy) Importance: Undecided Assignee: Steve Beattie (sbeattie) Status: New ** Also affects: gce-compute-image-packages (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: gce-compute-image-packages (Ubuntu Xenial) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: gce-compute-image-packages (Ubuntu Bionic) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: gce-compute-image-packages (Ubuntu Eoan) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: gce-compute-image-packages (Ubuntu Focal) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Description changed: [Impact] The google_oslogin_control script included in the google-compute-engine- oslogin binary package adds every new user to several unnecessary/unexpected groups. Upstream recommends disabling this behavior. [Test Case] Examine the /usr/bin/google_oslogin_control and ensure that the variable assignment for - group_conf_entry - - in the modify_group_conf() function does not contain any of the following groups: + group_conf_entry - dip, plugdev, adm, docker, lxd + in the modify_group_conf() function does not contain any of the + following groups: + + dip, plugdev, adm, docker, lxd [Regression Potential] Implemented incorrectly, this could break group setup for users on new gce instances. Users may also have to alter configuration management tools that expect users to already have access to e.g. the docker or lxd group by default. [References] - Upstream commits: + Upstream PR and commits: + + https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 https://github.com/GoogleCloudPlatform/guest- oslogin/commit/50b0fb7b5804c22ef9581e7dc91875801dfa5469 https://github.com/GoogleCloudPlatform/guest- oslogin/commit/88f1ba85e20b3b3a07bfad2eeb723a6b06e41fc8 ** Description changed: [Impact] The google_oslogin_control script included in the google-compute-engine- oslogin binary package adds every new user to several unnecessary/unexpected groups. Upstream recommends disabling this behavior. [Test Case] Examine the /usr/bin/google_oslogin_control and ensure that the variable assignment for group_conf_entry in the modify_group_conf() function does not contain any of the following groups: dip, plugdev, adm, docker, lxd [Regression Potential] Implemented incorrectly, this could break group setup for users on new gce instances. Users may also have to alter configuration management tools that expect users to already have access to e.g. the docker or lxd group by default. [References] Upstream PR and commits: - https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 + https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 https://github.com/GoogleCloudPlatform/guest- oslogin/commit/50b0fb7b5804c22ef9581e7dc91875801dfa5469 + https://github.com/GoogleCloudPlatform/guest-oslogin/pull/30 + https://github.com/GoogleCloudPlatform/guest- oslogin/commit/88f1ba85e20b3b3a07bfad2eeb723a6b06e41fc8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878654 Title: Remove automatically added groups from os-login To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gce-compute-image-packages/+bug/1878654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs