From b889b82a9251343e850936f949c0c7e8a48fc80e Mon Sep 17 00:00:00 2001
From: Felipe Sateler <fsateler@debian.org>
Date: Tue, 30 Jan 2018 15:21:48 -0300
Subject: [PATCH] Drop several groups from the default user groups

Drops audio, cdrom, floppy, video, plugdev, netdev, scanner and bluetooth from the default
groups to add to the first user created.

On modern systems, access control to devices is dynamic, and thus access to the relevant hardware
is by default given to the currently physically logged-in user, and then access is revoked when they log out.
These groups thus are unnecessary and possibly harmful (as they allow eavesdropping or modifying devices in
use by other users). They can always be added by the admin if so desired.

Closes: #821424, #766914
---
 debian/user-setup-udeb.templates | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates
index 45e16b4..e735c42 100644
--- a/debian/user-setup-udeb.templates
+++ b/debian/user-setup-udeb.templates
@@ -19,7 +19,7 @@ Description: for internal use only
 # Allow preseeding the groups to which the first created user is added
 Template: passwd/user-default-groups
 Type: string
-Default: audio cdrom dip floppy video plugdev netdev scanner bluetooth debian-tor lpadmin
+Default: dip debian-tor lpadmin
 Description: for internal use only
 
 Template: passwd/root-login
-- 
2.15.1