naming an new user 'admin' in gnome user managment compromises user groups/rights
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gnome-system-tools (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Ubuntu 8.10 / gnome
When you add a new user using the gnome built in user managment and name the user 'admin' it will overwrite the privileged user group admin with a new group id (>1000) and delete all other users from this group.
As a result all other users (also the one performing the action) will loose admin privileges and sudo rights.
This step is also very hard to take back, a simple 'sudo adduser otherusers admin' wont help since the groupid is changed and even changing the gid back to the original value is not enough.
kde overcomes this problem by adding '_#' to the usergroup in case it allready exists. (ie 'admin_1').
I think this is a quite dangerous bug, since it affects especially inexperienced users which rely on the gui. Destroying the user groups managment with a username should not be possible.
I am at work right now and can specify the package. Will add later.
| description: | updated |
| Andy Loughran (andylockran) wrote | #1 |
| Martin Meredith (mez) wrote | #2 |
| Chris Coulson (chrisccoulson) wrote | #3 |
| Changed in gnome-system-tools: | |
| status: | Confirmed → Invalid |
Can confirm on jaunty. Using gnome inbuilt user administration tool.