User Accounts profiles need to be updated for Ubuntu

Could you describe in which situation a normal user would need those? The dialog has a support for profiles, i.e an user can be a normal user or an admin one, those profiles should handle most of the needs, especially if the sysadmin can add custom profiles. Is there a real need to modify the user directory, shell or user id from a simple ui? If you are technical enough to change those you can probably use a command line, those are not settings that users should have to change and exposing them in an u.i can lead to users trying and breaking things

1. Group management and groups membership
A newly created user is only member of its own group
$ id test02
uid=1003(test02) gid=1003(test02) groups=1003(test02)

John, a not so powerful adminof his home sytem, wants to access his modem or fax for example? Or any other devices based on group membership.

John wants to create a shared directory on his system for Photos, Videos and Musics and only members of group 'personalmedia' have write access to it. He needs to be able to create the group in the first place.

2. Support for profile ?
There is a profile 'administrator' which actually adds the user to a useless group 'admin'. The legacy admin account being 'adm'
How does the sysadmin adds custom profiles ?

3. Home directory
John wants to store additional accounts on an additional disc mounted on /data/users. So he wants users already created to stay on /home and new users created on /data/users

4. Shell
By default the shell is /bin/dash, John really likes his customized prompt, command history and command completion. So he wants bash

5. User Id
John used dejadup to restore home directories from his broken home desktop to a shiny new system and he wants to recreate the users with to match with his poor broken system.
He has a powerful graphical one-click solution to restore nearly everything and must recreate all the users from the command line. :(

That's just a few examples that comes to mind, the most important being the lack of group management.

Thanks for the reply

> 1. Group management and groups membership

That's a bug, a new added user should be part of the standard needed groups, we need to build a list of those (using what the old tools was doing would be a start) and change the standard and admin profiles to match what is needed

> 2. Support for profile ?

similar bug, the admin profile should add users the right groups

> 3. Home directory

we can discuss with upstream adding that option somewhere in the ui though it seems rather a non standard use to me

> 4. Shell

there is a bug open about that I think, the default user shell should not be "sh"

> 5. User Id

We should perhaps include user creation to deja-dup in some way if that's the usecase there, I'm Cc-ing mterry to the bug in case he has an opinion about that

Well, it seems that your issues is mostly that the default profiles have not been adapted to use the right groups on Ubuntu added with some bugs, I think that having the profiles right would catch most of the normal use. It's likely that upstream will argue against adding extra features like the user id or the user directory to the options because they will see that as administrators features and the control-center is supposed to be a normal user configuration tool, not a detailled administration utility.

Also, the example of using groups to control device access is pretty much obsolete now, as this is mostly done using ACL's with udev-acl/consolekit, rather than using unix groups - I don't even think the fax group is used anymore (there is no udev rule which sets device nodes to that group name)

Chris Coulson [2011-07-19 9:20 -0000]:
> Also, the example of using groups to control device access is pretty
> much obsolete now, as this is mostly done using ACL's with udev-
> acl/consolekit, rather than using unix groups - I don't even think the
> fax group is used anymore (there is no udev rule which sets device nodes
> to that group name)

That's right. The only groups that are still relevant are adm, admin,
lpadmin, and sambashare.

Martin

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

ok, the issues are mostly in accountsservice, one fix to the default shell issue would be to switch adduser instead of useradd (the useradd manpage itself recommends to use adduser on Debian). Alessio, I noticed that you are subscribed to launchpad bugs, is that something you want to do in Debian? Do you want a bug in the BTS about it?

the default ubiquity created users is added to those groups "username adm dialout cdrom plugdev lpadmin admin sambashare", the admin profile should probably match those

Please don't put users into "dialout", "cdrom", and "plugdev", these groups are really obsolete. ubiquity should stop using these groups, too.

Also, accountsservice is in collab-maint, and as the useradd->adduser change is equally important for Debian, we can just do the change ourselves.

Sebastien,

yes, I intend to properly fix this as soon as possible.
A bug in BTS would be appreciated though.

Please note I'm in a sort of vacancy-mode these days, I'll be back in action Monday.

Sebastien,

I'm working on the new upstream release of accountsservice (I think I'll be able to upload the new package to unstable tomorrow), you can see the progress here:
http://anonscm.debian.org/gitweb/?p=collab-maint/accountsservice.git

If customizing the login shell is the point, I think replacing useradd with adduser is something unnecessary as it provides the '-s' option to set the user's shell, so which benefits we can get by doing that switch?

We discussed that with serveral people and Colin Watson and some others suggested still to use adduser on Debian,Ubuntu system, there is a reason why Debian recommends in the useradd manpage to use this one, it will do extra checking and has better integration with the distribution

OK, I'll go ahead patching the sources.

Thanks, the current practical issue is the sh one but using adduser will probably avoid other similar integration issues later on

Uploaded to Debian sid, I'm waiting to see it published.

Well, accepted in Debian.

Could anyone have a look and possibly sync it from unstable?

And, of course, the package builds fine in Oneiric:
http://debomatic64.debian.net/oneiric/pool/accountsservice_0.6.13-1/

I will sync it thanks

This bug was fixed in the package accountsservice - 0.6.13-1

---------------
accountsservice (0.6.13-1) unstable; urgency=low

  * New upstream release:
    - honor aclocal flags environment variable
    - set log domain so it can be hushed
    - use wtmp instead of consolekit for determining login frequency
      + Use the POSIX wtmpx database instead of ConsoleKit as source for
        calculating login frequency. This is more portable and much
        simpler. Also, it allows us to prepare accountsservice for the
        post-CK times. (upstream bug: https://bugs.freedesktop.org/39295)
    - leak and warning fixes
    - clean up polkit deprectation warnings
    - add '--' before username to account helper programs
  * Dropped patches (they don't apply for now):
    - 0001-do-not-consider-system-users-returned-from-consolekit.patch
    - 0003-getpwnam_null_crash.patch
    - 0004-history-filter-sessions.patch
  * Refreshed:
    - 0002-create-and-manage-groups-like-on-a-{debian,ubuntu}-system.patch
    - 0005-gdm_config_file_path.patch
  * Update symbols.
  * debian/patches/0006-adduser_instead_of_useradd.patch
    - Replace useradd with adduser to comply with Debian Policy.
      In collaboration with Ubuntu, thanks to Sebastien Bacher and other
      Ubuntu guys (LP: #810907).
  * Remove the dummy package gir1.2-accountservice-1.0, the previous version
    has already reached Wheezy and there is no reverse dependencies.
 -- Sebastien Bacher <email address hidden> Tue, 26 Jul 2011 16:42:42 +0000

Rodrigo could you have a look at making the default profiles match the groups described in comment 8 and 9? Do we need to update accountsservice or gnome-control-center for that?

accountsservice (0.6.13-1ubuntu4) oneiric; urgency=low

  * debian/patches/0002-create-and-manage-groups-like-on-a-ubuntu-system.patch:
    - Add admin users to the same groups as Ubiquity (LP: #810907)

 -- Rodrigo Moya <email address hidden> Mon, 22 Aug 2011 17:41:16 +0200