[Bug 1878654] Re: Remove automatically added groups from os-login

Launchpad Bug Tracker 1878654 at bugs.launchpad.net
Tue May 19 23:47:34 UTC 2020 

This bug was fixed in the package gce-compute-image-packages -
20190801-0ubuntu5

---------------
gce-compute-image-packages (20190801-0ubuntu5) groovy; urgency=medium

  * Disable automatic adding of groups to all users (LP: #1878654)
    - d/p/0006-Remove-OS-Login-users-from-admin-groups.-29.patch: remove
      adm, docker, and lxd groups
    - d/p/0007-Remove-local-user-groups-for-OS-Login-users.-30.patch:
      remove dip and plugdev groups

 -- Steve Beattie <sbeattie at ubuntu.com>  Thu, 14 May 2020 15:25:37 -0700

** Changed in: gce-compute-image-packages (Ubuntu Groovy)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gce-compute-image-packages in
Ubuntu.
https://bugs.launchpad.net/bugs/1878654

Title:
  Remove automatically added groups from os-login

Status in gce-compute-image-packages package in Ubuntu:
  Fix Released
Status in gce-compute-image-packages source package in Xenial:
  New
Status in gce-compute-image-packages source package in Bionic:
  New
Status in gce-compute-image-packages source package in Eoan:
  New
Status in gce-compute-image-packages source package in Focal:
  New
Status in gce-compute-image-packages source package in Groovy:
  Fix Released

Bug description:
  [Impact]

  The google_oslogin_control script included in the google-compute-
  engine-oslogin binary package adds every new user to several
  unnecessary/unexpected groups. Upstream recommends disabling this
  behavior.

  [Test Case]

  Examine the /usr/bin/google_oslogin_control and ensure that the variable
  assignment for

    group_conf_entry

  in the modify_group_conf() function does not contain any of the
  following groups:

    dip, plugdev, adm, docker, lxd

  [Regression Potential]

  Implemented incorrectly, this could break group setup for users on new
  gce instances. Users may also have to alter configuration management
  tools that expect users to already have access to e.g. the docker or
  lxd group by default.

  [References]

  Upstream PR and commits:

    https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29

    https://github.com/GoogleCloudPlatform/guest-
  oslogin/commit/50b0fb7b5804c22ef9581e7dc91875801dfa5469

    https://github.com/GoogleCloudPlatform/guest-oslogin/pull/30

    https://github.com/GoogleCloudPlatform/guest-
  oslogin/commit/88f1ba85e20b3b3a07bfad2eeb723a6b06e41fc8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gce-compute-image-packages/+bug/1878654/+subscriptions

More information about the foundations-bugs mailing list