Hi,
I already use groupadd command to create a new group.
sudo groupadd --extrausers test_g
but how to add a extra user to this group? thanks.
Hi,
I already use groupadd command to create a new group.
sudo groupadd --extrausers test_g
but how to add a extra user to this group? thanks.
i fear you have to edit /var/lib/extrauser/group manually currently to add the user to that group…
Is adduser
included in Core devices? If it is then we could try:
sudo adduser --extrausers $user $group
I haven’t tested whether this actually works though, so please be kind if I’m way off base :-p
not sure it works like this (last time i checked, adduser didnt support additional groups with the extrausers setting) … but yes if it would work, you could indeed use it on development images …
but that wont help with production, there is no way beyond manually via ssh login to call adduser, the only properly usable interface for adding a user to core is via snapd and its snap create-user
command or via system-user assertions …
also note that core is by design not really created for multi-user setups.
I was just going to file a new thread about this issue, after speaking with @jamesh about it - I was wondering if this recent thread was a similar problem, but I think it’s not, and this is a “pure” tooling issue.
Here’s how it comes up for me in practice
lxd
group in extragroups
successfully.As far as I can tell there’s no way to do this beyond actually editing extragroups
myself. Neither usermod
nor adduser
can do it. In Ubuntu (therefore core) we have some patches to useradd
to support extra{users,groups}
, but they 're incomplete; usermod
does not support extragroup
. (There is no call to gr_setdbname
for usermod
.) I guess that is simply work that needs to be done.
Now that’s for the interactive case. What about when deploying using cloud-init
or using a model (required-snaps
) & a system-user assertion as @ogra was getting at 1 year ago? Can someone else comment - is there a declarative way here to achieve this same thing? Create user, install lxd snap, add user to lxd group. Or is it direct file modification there too?
Unfortunately this is correct.
Well, tbh if you are deploying using cloud-init, sky’s the limit as to what you can do with cloud-init, so we’re not going to add support for specific cloud-init things. Presumably the language that cloud-init supports for configuring groups when used in practice simply just doesn’t work on Core, and if the patches you mention are expanded to make usermod, etc. work then probably it will work but cloud-init has always been a bit weird on an ubuntu core system anyways so fixing this specific scenario is pretty low on our priority list just as an FYI.
We have started design discussions about how to do this, probably adding users to groups will be done in the following ways (probably roughly in order):
snap create-user
command there will be some kind of option too, since this is just driving the REST API mentioned above.After that, we have not yet discussed at all how to add an existing user to a group, again probably that will be a “snap usermod” command or some such that maps back to a REST API, but this case is more complicated than the case of “create a user and put them in these groups”.
So the current patches mostly revolve around adding an option to switch the utility from dealing with databases in /etc
to databases in /var/lib/extrausers
. That works reasonably well for creating new users, or new groups to act as a primary for a new user.
Having the usermod
command work on the extrausers group database would probably handle your case for adding an extrausers user to an extrausers group. That still leaves a bunch of other problems though:
/etc/passwd
users to an extrausers group./etc/passwd
user.Ideally you want all the commands to act on the two sets of databases as one, rather than being able to switch between them.
I don’t really want to care about this implementation detail when
mainpulating users, that much is true. I would rather in the final
implementation that it’s all transparent as far as
extrausers/extragroups is concerned - that goes for all of the discussed
ways of managing users/groups.
What’s particularly bad right now is usermod silently fails for extrausers group modification. It doesn’t make any changes and returns success.