Adding users to system groups doesn't seem to work
This is probably an all-atomic-even-non-desktop issue, but I didn't know where else to file it.
I looked into https://bugzilla.redhat.com/show_bug.cgi?id=2349572 , and found I can reproduce it apparently reliably - but only on Atomic installs. It seems to be impossible to effectively add users to groups that are defined in /usr/lib/group. To reproduce:
- Do a clean install of Silverblue 42
- Create an admin user called 'test' during initial setup
- Log in as test, go to a console, run:
    sudo usermod -a -G dialout test
- Reboot, log in as test again, go to a console, run
    groups
- Try and do something that requires dialout membership, like reading from /dev/ttyS0
For me, this reliably doesn't work - test is not added to dialout, neither according to the output of groups nor in practice (they can't do things they would be able to as a member of dialout).
It seems like, on Atomic, most group definitions are moved from /etc/group to /usr/lib/group at ostree build time. I don't see dialout in /etc/group but I do see it in /usr/lib/group.
When I run the usermod command it seems like the membership is added to /etc/gshadow:
root@fedora:/var/home/test# grep dialout /etc/gshadow
dialout:::test
but somehow this is not taking effect.
By comparison, if I create a new group with groupadd, and add test to it:
sudo groupadd testgroup
sudo usermod -a -G testgroup test
and then reboot, it works: groups shows test as being in testgroup. In this case the group is defined in /etc/group, and test's membership seems to be defined in both /etc/group and /etc/gshadow:
root@fedora:/var/home/test# grep testgroup /etc/gshadow
testgroup:!::test
root@fedora:/var/home/test# grep testgroup /etc/group
testgroup:x:1001:test
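
A diagnostic for the state described in this report, added here as an example and not part of the original report or of any Fedora tooling: it reports which file defines a group and whether a user's membership is recorded in a group file or only in /etc/gshadow. The function names, the output format and the overridable path variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate a group's definition and a user's membership record.
# Usage when run as a script: sh <this-file> USER GROUP
# Paths default to the files named in the report; override them for testing.
# /etc/gshadow is normally readable only by root.
ETC_GROUP=${ETC_GROUP:-/etc/group}
LIB_GROUP=${LIB_GROUP:-/usr/lib/group}
ETC_GSHADOW=${ETC_GSHADOW:-/etc/gshadow}

# defined_in FILE GROUP: succeeds if FILE has an entry for GROUP.
defined_in() {
    [ -r "$1" ] && awk -F: -v g="$2" '$1 == g { found = 1 } END { exit !found }' "$1"
}

# has_member FILE GROUP USER: succeeds if USER is in the member list
# (field 4 in both the group and gshadow formats) of GROUP's entry.
has_member() {
    [ -r "$1" ] && awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$1"
}

# check_group_membership USER GROUP
# Prints "defined=<etc|lib|etc+lib|none> member=<group|gshadow-only|none>".
# Returns 1 for the state in the report (membership only in gshadow),
# 2 if the group is not defined in either file, 0 otherwise.
check_group_membership() {
    user=$1; group=$2; where=""; member="none"
    defined_in "$ETC_GROUP" "$group" && where="etc"
    defined_in "$LIB_GROUP" "$group" && where="${where:+$where+}lib"
    [ -n "$where" ] || { echo "defined=none member=none"; return 2; }
    if has_member "$ETC_GROUP" "$group" "$user" ||
       has_member "$LIB_GROUP" "$group" "$user"; then
        member="group"
    elif has_member "$ETC_GSHADOW" "$group" "$user"; then
        member="gshadow-only"
    fi
    echo "defined=$where member=$member"
    [ "$member" != "gshadow-only" ]
}

if [ "$#" -eq 2 ]; then
    check_group_membership "$1" "$2"
fi
```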