Hi Jason,
thanks for presenting your arguments!
On Tue, 22 Apr 2025, Jason Franklin wrote:
On Mon, Apr 21, 2025 at 11:14:47PM +0200, Tomas Pospisek wrote:
On Mon, 21 Apr 2025, Marc Haber wrote:
Well, I mean the goal of "adduser user group" is to add a user to a group...
except that - it doesn't.
I think you're confusing what you want done with what is actually done.
The command "adduser foo bar" updates system records to indicate that
user "foo" has membership in supplementary group "bar". The goal of this
command is to update these records, and it ~does~ do this.
The fact that existing shell sessions must be reinitialized is really
just part of how the OS works.
The man page says:
Add an existing user to an existing group
If called with two non-option arguments, adduser will add an
existing user to an existing group.
It doesn't talk about anything of what you've written above. The canonical
tool to verify whether a user is member of a group is `id`:
$ sudo adduser joe fancyusers
$ id
uid=1000(joe) gid=1000(joe)
groups=1000(joe)
which tells me that adduser in fact did *not* add the user to the group.
In my opinion the goal of Debian is to serve its users. When the manpage
is quiet about why after adding a user to a group the user is still not
member of the group then that is *not* serving the user IMO.
At some point I have somehow found out that using some other magic in
addition is necessary. Other users of adduser might not know and just think
that `adduser user group` doesn't work or is broken or ...
I actually wouldn't rely on "newgrp" too much for this purpose. It may
not work the way you think.
For example, on Debian "newgrp" creates subprocesses instead of
replacing the shell. On some systems, the shell actually is replaced.
Try this...
$ pstree -ps $$
$ newgrp
$ pstree -ps $$
It may illustrate what I'm talking about. You get a subshell, and you
need to exit or logout twice to get out now.
This is the case on my system, which is older… may have been updated.
In light of this, I think "newgrp" is more useful for temporarily
assuming a group identity to do some stuff and then backing out to your
login identity.
You can tell users to run "newgrp" when you add them to a group, but
they'll have to do this in every open session. Also, they may be
confused if they exit the new shell and they go back to their old
identity.
The way to avoid any confusion, I've found, is just to tell the user to
"fully logout and log back in" and then go about their business.
I can agree to that.
So let's point the user to some explanation instead of not doing what a
user without any additional experience would expect and not saying
anything about the problem that `adduser user group` has.
I don't think the adduser man page should make mention of newgrp. We
don't own that tool (the "login" package does).
The adduser man page doesn't own anything. It lives in a context, which is
Unix I'd guess, and can try to be useful in that context. So if
adduser behaves in some unexpected way when interacting with Unix then
it should tell the user IMO.
?
*t
