So, I've noticed this since day one it seems, and I'm finally curious
enough about the behavior to ask on this list.
Why does Ubuntu put the default user into so many friggin' user groups?
Seriously! Try removing yourself from the CDROM group, and see what
happens when you put in a CD. What gives?
This isn't from upstream Debian, and it's not common behavior on any
other operating system that I'm aware of. Is this an extension of
PolicyKit or PAM or something. Why does the user need to be a part of
the 'scanner' group, even when I don't have a scanner installed? Really,
it seems Ubuntu is complicating everything that used to be so simple
about Unix, because they're trying so hard to be like Windows.
--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
It wasn't meant to be harsh. I'm upset that when I get on an Ubuntu
machine, it feels less and less like a Unix machine. I'm getting to the
point where I need a separate set of training to understand the changes
Ubuntu is making their operating system, where these changes don't exist
anywhere else, especially upstream. Ultimately, it's their decision, and
I respect that. Canonical and the Ubuntu development team can do
anything they wish with their OS. After all, it _is_ an operating system.
> We have to "complicate" a base Linux setup in
> Ubuntu to make it work on the widest varitety of hardware setups . You
> made not have a scanner, but we want Ubuntu to work seamlessly if
> someone plugs in in a scanner.
I understand that, but working with the largest set of hardware just
requires drivers to power the hardware, nothing more. This is why Ubuntu
is so successful. They'll ship proprietary drivers and blobs, where
others won't. Wireless, video, sound, and many other cards work in
Ubuntu and not Fedora or Debian, because of these drivers.
Where Ubuntu is doing their own thing, and ultimately complicating the
setup, is the configuration file changes, that aren't necessary.
> It is the question, do we want Linux to be a hobbyist OS or do we want
> to complete for market share someplace other than servers.
I'm all for competing, but complicating the setup doesn't seem like the
right set of moves to be making.
For example, on this groups issue I brought up. Say the user wants to
add himself to some group, for whatever purpose. He searches the
Internet a bit, and finds from some random user:
$ sudo usermod -G group_name user
After doing so, he later finds he lost all the groups he was just
previously a member of! How does he fix it? How does he know what groups
he was in? Of course, this would be a problem for any number of groups
that he was in, but now that _lots_ of stuff doesn't work, like his
scanner or cdrom, because he lost those groups, means a painful
experience of getting everything back in order. Had he been in one or
two additional groups, this wouldn't be so bad.
I guess I'm asking this: what is the technical reason for putting the
default user into several groups, when it provides no apparent technical
advantages, and could mean a nightmare of a challenge should he lose
being a member of a group? Why is this implemented?
This is odd to me. Why should you be a member of your group to access
hardware? Isn't that the kernel's responsibility? On my Debian machine:
uid=1000(aaron) gid=1000(aaron) groups=119(fuse),1000(aaron)
I'm in the fuse group, so I can mount fuse filesystems locally to one of
my directories without root privileges. However, I can still access
audio cds, play music, access my attached printer, watch videos, mount
thumb drives, and everything else just fine. I'm failing to see the
advantage adding myself to 13 groups provides.
Now, maybe this is standard, tacking on 13 groups to the default user.
However, here's Solaris:
uid=1001(aaron) gid=1(other)
... and HP-UX:
uid=106(aaron) gid=20(users)
... and RHEL:
uid=503(aaron) gid=503(aaron) groups=503(aaron)
However, pulling up Mac OS X is completely different:
uid=502(aaron) gid=20(staff)
groups=20(staff),402(com.apple.sharepoint.group.1),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),403(com.apple.sharepoint.group.2),401(com.apple.access_screensharing)
Really odd group accounts too, but whatever. Not sure how much is
actually necessary, like "com.apple.sharepoint.group.1". So, maybe
Ubuntu is trying to mimic Mac OS X? I'm still failing to see the
advantages though.
> If you want stuff to "just work" and not require any manual
> configuration, use Ubuntu. If you want a stripped, strict
> UNIX-standard system maybe Ubuntu isn't the right answer for your
> system.
I'm not looking for any answer to my needs. I've already found it, and
Ubuntu fits in that picture. What I'm asking is why the change/need,
when I can easily do everything on Debian, being in 2 groups, that takes
13 to do on Ubuntu.
Consider for a moment Fedora moving X11 from tty7 to tty1. It was a
change that brought no apparent advantage, and broke tons, and tons of
documentation. The developers were just tired of it on tty7, and thought
it was time for a change.
If a change warrants a strong technical advantage, or clearly brings
about great benefits, then by all means make the change, but what does
moving X11 from tty7 to tty1 or putting a user in 13 default groups do
for the system? I'm not griping as much as I really want to know.
Are you forgetting about pam_console and friends? Setting permissions on devices is an important part of letting the kernel do its job.
Consider for a moment Fedora moving X11 from tty7 to tty1. It was a change that brought no apparent advantage, and broke tons, and tons of documentation. The developers were just tired of it on tty7, and thought it was time for a change.The stated reason for the change was not boredom, it was "to avoid flicker". I think that's baloney, but it still kills your example.
Maybe I want to be able to use my cdrom, scanner and soundcard but I don't want little Bobby using anything other than the soundcard. Ubuntu's method allows me to easily enforce that. (Although I think configuring pam_console is a better solution.)
On Thu, Dec 3, 2009 at 4:26 PM, Aaron Toponce <aaron....@gmail.com> wrote:
This is odd to me. Why should you be a member of your group to access
hardware? Isn't that the kernel's responsibility? On my Debian machine:
uid=1000(aaron) gid=1000(aaron) groups=119(fuse),1000(aaron)
I'm in the fuse group, so I can mount fuse filesystems locally to one of
my directories without root privileges. However, I can still access
audio cds, play music, access my attached printer, watch videos, mount
thumb drives, and everything else just fine. I'm failing to see the
advantage adding myself to 13 groups provides.
Now, maybe this is standard, tacking on 13 groups to the default user.
However, here's Solaris:
uid=1001(aaron) gid=1(other)
... and HP-UX:
uid=106(aaron) gid=20(users)
... and RHEL:
uid=503(aaron) gid=503(aaron) groups=503(aaron)
<snip>
By way of comparison though, when I used Fedora and installed my scanner stuff I had to add myself to the scanner group in order to use the scanner. So you need to do it later even on these other systems.
Will--
--
ubuntu-us-ut mailing list
ubuntu...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-ut
--
Site: http://www.oalug.com
Mailing list: http://groups.google.com/group/oalug
IRC: #oalug on irc.freenode.net