GNOME Bugzilla – Bug 580182
users-admin allows the creation of user's with predefined group names
Last modified: 2009-07-26 20:59:45 UTC
Please describe the problem: users-admin allows one to create a user with a predefined group name, and thus, the group gets overwritten for the new user. For example, if someone creates a new user called 'admin' on Ubuntu, this creates a new user called admin and adds this user to a new 'admin' group - rendering system administration useless with sudo. Reported on Launchpad here: https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/236305 Steps to reproduce: Actual results: Expected results: Does this happen every time? Other information:
Created attachment 133278 [details] [review] Patch which prevents the creation of user with existing group names
I'd like to stress the urgency of this. The previous behaviour led and still leads to loads of problems if people create an "admin", "adm", "sound", or other user, which totally wedges the permission system.
Very problematic indeed! I've modified your patch to avoid duplicating the group_exists() function, improved a few messages to make them match their equivalent in usernames, and pushed this as 90f34bc566857a037d65daaa302da43b2cf8a0b3. BTW, I've discovered a typo that allowed to seemingly create groups with already existing names. These were not overwriting previous ones, though, AFAIK.