[Adduser-devel] Bug#693218: adduser --system should default to --group

Wessel Dankers wsl-deb-bug-submit at fruit.je
Wed Nov 14 11:36:18 UTC 2012

Package: adduser
Version: 3.112+nmu2
Severity: wishlist
Tags: security


Currently, system users get nogroup (65534) as their default primary group.

However, multiple (system) accounts sharing a common group is not good
from a security standpoint. It gives unrelated processes access to each
other's files and other resources.

While this could be considered a bug in the invoker's script, it's
something that is easy to overlook and it could be argued that defaults
should be sane and secure (‘graceful degradation’).

Please make --group the default for --system.

Kind regards,

Wessel Dankers <wsl-deb-bug-submit at fruit.je>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20121114/10c5fd63/attachment.pgp>

More information about the Adduser-devel mailing list