[Bug 1878654] Re: Remove automatically added groups from os-login

Steve Beattie 1878654 at bugs.launchpad.net
Thu May 21 18:36:37 UTC 2020 

Because these packages may end up getting copied to the security
pockets, these have been built in the ubuntu-security-proposed ppa:

  https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/

Direct links to the packages are

focal:
  https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/11292227/+listing-archive-extra

eoan:
  https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/11292236/+listing-archive-extra

bionic:
  https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/11292244/+listing-archive-extra

xenial:
  https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/11292249/+listing-archive-extra

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gce-compute-image-packages in
Ubuntu.
https://bugs.launchpad.net/bugs/1878654

Title:
  Remove automatically added groups from os-login

Status in gce-compute-image-packages package in Ubuntu:
  Fix Released
Status in gce-compute-image-packages source package in Xenial:
  New
Status in gce-compute-image-packages source package in Bionic:
  New
Status in gce-compute-image-packages source package in Eoan:
  New
Status in gce-compute-image-packages source package in Focal:
  New
Status in gce-compute-image-packages source package in Groovy:
  Fix Released

Bug description:
  [Impact]

  The google_oslogin_control script included in the google-compute-
  engine-oslogin binary package adds every new user to several
  unnecessary/unexpected groups. Upstream recommends disabling this
  behavior.

  [Test Case]

  Examine the /usr/bin/google_oslogin_control and ensure that the variable
  assignment for

    group_conf_entry

  in the modify_group_conf() function does not contain any of the
  following groups:

    dip, plugdev, adm, docker, lxd

  [Regression Potential]

  Implemented incorrectly, this could break group setup for users on new
  gce instances. Users may also have to alter configuration management
  tools that expect users to already have access to e.g. the docker or
  lxd group by default.

  [References]

  Upstream PR and commits:

    https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29

    https://github.com/GoogleCloudPlatform/guest-
  oslogin/commit/50b0fb7b5804c22ef9581e7dc91875801dfa5469

    https://github.com/GoogleCloudPlatform/guest-oslogin/pull/30

    https://github.com/GoogleCloudPlatform/guest-
  oslogin/commit/88f1ba85e20b3b3a07bfad2eeb723a6b06e41fc8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gce-compute-image-packages/+bug/1878654/+subscriptions

More information about the foundations-bugs mailing list