[Pkg-samba-maint] [Git][samba-team/samba][master] 2 commits: samba.postinst: do not populate sambashare from the Ubuntu admin group

Mathieu Parent (@sathieu) gitlab at salsa.debian.org
Wed Oct 6 08:09:24 BST 2021



Mathieu Parent pushed to branch master at Debian Samba Team / samba


Commits:
4385c392 by Paride Legovini at 2021-09-23T23:39:46+02:00
samba.postinst: do not populate sambashare from the Ubuntu admin group

This reverts commit fe5cef5014db5b5d6cf55e036583f8f84962e9b2.

The admin group has been phased out in Ubuntu 12.04 [1]:

  Up until Ubuntu 11.10, administrator access using the sudo tool was
  granted via the "admin" Unix group. In Ubuntu 12.04, administrator
  access will be granted via the "sudo" group.

We could add users in the sudo group to sambashare, however I don't
think that's really a good idea:

1. The sudo group isn't likely to go away like admin did, but it's still
   an arbitrary group, and sudo does have alternatives (polkit, doas), so
   it's not really *guaranteed* to stay forever.
2. There's nothing that removes users from sambashare when they're
   removed from the admin/sudo group.
3. Users in the sudo group can add themselves to the sambashare group.
4. This has been broken for almost 10 years, with the problem being noticed
   only when the mechanism did something unexpected.

[1] https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes/UbuntuDesktop#PrecisePangolin.2FReleaseNotes.2FCommonInfrastructure.Common_Infrastructure

LP: #1942195

- - - - -
e5301db1 by Mathieu Parent at 2021-10-06T07:09:17+00:00
Merge branch 'postinst-drop-ubuntu-admin' into 'master'

samba.postinst: do not populate sambashare from the Ubuntu admin group

See merge request samba-team/samba!54
- - - - -


1 changed file:

- debian/samba.postinst


Changes:

=====================================
debian/samba.postinst
=====================================
@@ -59,20 +59,6 @@ umask 022
 if ! getent group sambashare > /dev/null 2>&1
 then
 	addgroup --system sambashare
-	# Only on Ubuntu, use the "admin" group as a template for the
-	# initial users for this group; Debian has no equivalent group,
-	# so leaving the sambashare group empty is the more secure default
-	if [ -x "`which lsb_release 2>/dev/null`" ] \
-	   && [ "`lsb_release -s -i`" = "Ubuntu" ]
-	then
-		OLDIFS="$IFS"
-		IFS=","
-		for USER in `getent group admin | cut -f4 -d:`; do
-			adduser "$USER" sambashare \
-			|| ! getent passwd "$USER" >/dev/null
-		done
-		IFS="$OLDIFS"
-	fi
 fi
 
 if [ ! -e /var/lib/samba/usershares ]
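Review bot: After this removal, the `addgroup --system sambashare` line inside the `if ! getent group sambashare` block has no comment saying that the group is deliberately created with no members. The deleted comment was the only place in the script that stated this ("leaving the sambashare group empty is the more secure default"). Suggest keeping a one-line comment next to `addgroup`, for example `# sambashare is created empty on purpose; add usershare users explicitly`, so a template group is not reintroduced later. It is also worth recording in the changelog that this block only runs when the group does not yet exist, so systems where the old loop already ran keep whatever members it added. The change affects new group creation only.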



View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/a0059c86dd48eb6a2556445cf7fcad8ea89f4a9c...e5301db19e817af0bf86bdd385422a6d286eec8a
