[arch-general] New users not automatically added to 'users' group if -g default group specified?
All, In the past with arch installs, new users have always been added to the 'users' group. Now that is not being done. If I recall correctly, I have always specified that users are members of a group with the same name as the user by manually creating the group and using the useradd -g <group> option. This was done to keep UID and GID numbers the same across multiple boxes. On older installs all users were made part of the users group: (July 2011 install) [08:31 nirvana:/etc/httpd/conf] # grep users /etc/group users:x:100:david,anna,blah,blah,blah (New install) [08:45 phoinix:/etc] # grep users /etc/group users:x:100: Is this expected behavior, or has something gone wrong with the install? I ask because https://wiki.archlinux.org/index.php/Cron#Users_and_autostart suggest that all users should already be members of the 'users' group. I don't mind manually adding the users, but if this is a bug, I'll report it. -- David C. Rankin, J.D.,P.E.
[2013-12-04 09:16:46 -0600] David C. Rankin:
In the past with arch installs, new users have always been added to the 'users' group. Now that is not being done.
Bug reports go to: https://bugs.archlinux.org/ Not this list, not private emails to maintainers, not a combination of the above. -- Gaetan
On Wed, 04 Dec 2013 09:16:46 -0600 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
All,
In the past with arch installs, new users have always been added to the 'users' group. Now that is not being done. If I recall correctly, I have always specified that users are members of a group with the same name as the user by manually creating the group and using the useradd -g <group> option. This was done to keep UID and GID numbers the same across multiple boxes. On older installs all users were made part of the users group:
(July 2011 install)
[08:31 nirvana:/etc/httpd/conf] # grep users /etc/group users:x:100:david,anna,blah,blah,blah
(New install)
[08:45 phoinix:/etc] # grep users /etc/group users:x:100:
Is this expected behavior, or has something gone wrong with the install? I ask because https://wiki.archlinux.org/index.php/Cron#Users_and_autostart suggest that all users should already be members of the 'users' group. I don't mind manually adding the users, but if this is a bug, I'll report it.
In short, this is OK; your user doesn't need to be mentioned in /etc/groups after his primary group. If he is mentioned, then the primary group is also his supplementary one (which is anyway automatic). GID=100 (users) is a primary group, see /etc/defaults/useradd. The primary group info is stored in /etc/passwd (userid:x:UID:primary_GID:...), so the "users:x:100:"entry in /etc/group is dummy and AFAIU exists only to make useradd happy. This is done to save space in /etc/group on systems with large number of users. My speculation would be that in 2011, you ran "useradd -m -g users -G users,audio,... david". The correct call shouldn't contain "users" after -G. Cheers, -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
[2013-12-04 12:57:23 -0600] Leonid Isaev:
On Wed, 04 Dec 2013 09:16:46 -0600 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
In the past with arch installs, new users have always been added to the 'users' group. Now that is not being done.
In short, this is OK; your user doesn't need to be mentioned in /etc/groups after his primary group. If he is mentioned, then the primary group is also his supplementary one (which is anyway automatic).
A while back, the default primary group for all new users was "users". It's not anymore: an individual group is created for each new user. One can disable USERGROUPS_ENAB in login.defs to get the old behavior.
This is done to save space in /etc/group on systems with large number of users.
So each user gets a home directory, generates log info under /var/log upon login/logout, /etc/passwd and /etc/shadow grow linearly in the number of users, but we are going to shave a few bytes off /etc/group? That's hard to believe. -- Gaetan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/04/2013 09:10 PM, Gaetan Bisson wrote:
A while back, the default primary group for all new users was "users". It's not anymore: an individual group is created for each new user.
One can disable USERGROUPS_ENAB in login.defs to get the old behavior.
This is done to save space in /etc/group on systems with large number of users. So each user gets a home directory, generates log info under /var/log upon login/logout, /etc/passwd and /etc/shadow grow linearly in the number of users, but we are going to shave a few bytes off /etc/group? That's hard to believe.
Gaetan, Thanks, glad to know I wasn't going nuts. I prefer individual groups created for each user and have a set of scripts that did that for Arch to keep my UID/GID for each user the same across multiple boxes. Eg. #!/bin/bash ## normal groups to add to system groupadd -g 1061 deborah groupadd -g 1062 zachry <snip> ## create users and assign groups useradd -u 1001 -g deborah -c "Full Name" -m deborah echo -e "\n Setting password for user deborah:" pwexit=1 while [[ $pwexit != 0 ]]; do passwd deborah pwexit=$? done unset pwexit useradd -u 1002 -g zachry -c "Full Name" -m zachry echo -e "\n Setting password for user zachry:" <snip> One question though, the USERGROUPS_ENAB flag seems self-explanatory, but the comments above the flag say: # # Enable setting of the umask group bits to be the same as owner bits # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. # # This also enables userdel to remove user groups if no members exist. # So, in addition to insuring umask group bits are the same as owner bits for non-root users, this setting controls whether new users are automatically added to the 'users' group by default with useradd? Because the behavior I saw from useradd prior to this change was that all users were added to the 'users' group even when a primary group was specified with -g. As long as nothing is using the 'users' group as a check like the cronie web-page seemed to suggest, then I guess there is no impact aside from saving a few bits in /etc/group. Thank you for the explanation. - -- David C. Rankin, J.D.,P.E. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKf/TgACgkQZMpuZ8CyrcgIxACeLwHfesXTVpDiXAJJNy5ASl9W jIEAnAtwl9tKw3DvSvymXYwVLeH2t7PP =QJr/ -----END PGP SIGNATURE-----
[2013-12-04 22:12:40 -0600] David C. Rankin:
One question though, the USERGROUPS_ENAB flag seems self-explanatory, but the comments above the flag say:
# # Enable setting of the umask group bits to be the same as owner bits # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. # # This also enables userdel to remove user groups if no members exist. #
So, in addition to insuring umask group bits are the same as owner bits for non-root users, this setting controls whether new users are automatically added to the 'users' group by default with useradd?
See the man page to useradd: "If not specified, the behavior of useradd will depend on the USERGROUPS_ENAB variable in /etc/login.defs. If this variable is set to yes (or -U/--user-group is specified on the command line), a group will be created for the user, with the same name as her loginname. If the variable is set to no (or -N/--no-user-group is specified on the command line), useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd, or 100 by default." -- Gaetan
On Wed, 4 Dec 2013 17:10:45 -1000 Gaetan Bisson <bisson@archlinux.org> wrote:
[2013-12-04 12:57:23 -0600] Leonid Isaev:
On Wed, 04 Dec 2013 09:16:46 -0600 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
In the past with arch installs, new users have always been added to the 'users' group. Now that is not being done.
In short, this is OK; your user doesn't need to be mentioned in /etc/groups after his primary group. If he is mentioned, then the primary group is also his supplementary one (which is anyway automatic).
A while back, the default primary group for all new users was "users". It's not anymore: an individual group is created for each new user.
One can disable USERGROUPS_ENAB in login.defs to get the old behavior.
That's right.
This is done to save space in /etc/group on systems with large number of users.
So each user gets a home directory, generates log info under /var/log upon login/logout, /etc/passwd and /etc/shadow grow linearly in the number of users, but we are going to shave a few bytes off /etc/group? That's hard to believe.
I agree that this reasoning is a speculation, but still having 100 users in /etc/group after 'users' would a mess. Also, I remember the question of why 'users' contains no usernames has already been asked on this ML, but somehow I can't find the link... Best, -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
participants (3)
-
David C. Rankin
-
Gaetan Bisson
-
Leonid Isaev