From: Karol Lewandowski <k.lewandowsk@samsung.com>
Date: Thu, 9 Aug 2018 10:45:01 +0000 (+0200)
Subject: Do not assign supplementary groups
X-Git-Tag: accepted/tizen/unified/20180917.195204~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=278c288f95e2612d4691c316969233996ef84444;p=platform%2Fupstream%2Fgumd.git

Do not assign supplementary groups

Due to splitting password and group database to read-only db (standard
/etc/) and read-writable (/opt/etc/) it might no longer be possible to
add newly created users to system groups.  Precisely, adding user to
system given group requires appending user name to /etc/group, which
is on read only partition.  It's not possible to add such entry to
/opt/etc/group because it would not only require group name (and id)
duplication, but also it would require changing all the supporting
code to look for multiple group definitions.

To handle above problem gumd will no longer assign group membership at
user creation.  It will also use standard /etc/group (and gshadow).

Assiging users to correct groups will be handled by security-manager
nss plugin.

Change-Id: I86af2d41f07f13f0d0e6904cfb7b45fe84594ea7
---

diff --git a/data/tizen/etc/gumd/gumd-tizen-common.conf b/data/tizen/etc/gumd/gumd-tizen-common.conf
index c7345d4..2afbcc4 100755
--- a/data/tizen/etc/gumd/gumd-tizen-common.conf
+++ b/data/tizen/etc/gumd/gumd-tizen-common.conf
@@ -15,11 +15,11 @@ USR_PRIMARY_GRPNAME=users
 # Comma separate listed of groups, which every user (other than system user)
 # will be added to at the time of user account creation. Default value is:
 # ''
-DEFAULT_USR_GROUPS=audio,video,display
+#DEFAULT_USR_GROUPS=audio,video,display
 
 # Comma separate listed of groups, which admin user will be added to at the
 # time of user account creation. Default value is: ''
-DEFAULT_ADMIN_GROUPS=audio,video,display
+#DEFAULT_ADMIN_GROUPS=audio,video,display
 
 # Path to passwd file which represents user information. Default is
 # /etc/passwd. More information about the file format can be read at the
@@ -40,14 +40,14 @@ SHADOW_FILE=/opt/etc/shadow
 # 'group'.
 # Can be overriden in debug builds by setting UM_GROUP_FILE
 # environment variable.
-GROUP_FILE=/opt/etc/group
+GROUP_FILE=/etc/group
 
 # Path to group file which represents shadowed group information.
 # Default is /etc/gshadow. More information about the file format can be read
 # at the manpages for 'gshadow'.
 # Can be overriden in debug builds by setting UM_GSHADOW_FILE
 # environment variable.
-GSHADOW_FILE=/opt/etc/gshadow
+GSHADOW_FILE=/etc/gshadow
 
 # Prefix to be used when creating home directory for the user. For example,
 # with prefix '/home', user 'newu' home directory will be created as
diff --git a/data/tizen/etc/gumd/gumd-tizen-ivi.conf b/data/tizen/etc/gumd/gumd-tizen-ivi.conf
index bd70aed..f784741 100644
--- a/data/tizen/etc/gumd/gumd-tizen-ivi.conf
+++ b/data/tizen/etc/gumd/gumd-tizen-ivi.conf
@@ -15,7 +15,7 @@ USR_PRIMARY_GRPNAME=users
 # Comma separate listed of groups, which every user (other than system user)
 # will be added to at the time of user account creation. Default value is:
 # ''
-DEFAULT_USR_GROUPS=weston-launch,video
+#DEFAULT_USR_GROUPS=weston-launch,video
 
 # Comma separate listed of groups, which admin user will be added to at the
 # time of user account creation. Default value is: ''