Hello,

The regular user created by the debian-installer is still added to
several groups[0] by default (contrary to the other users created by
adduser later), but these days with udev/logind/polkit... this doesn't
seem necessary at all; the different desktop environments work perfectly
without these extra privileges out of the box (in the past, you needed
the video and audio group to have 3D acceleration and audio).

This could also be seen as a security issue as, on a machine with
multiple users, the first (regular) user could listen to the audio or
watch the screen of other users without elevating their privileges
explicitly.

There are different bugs that have been open for years about this, but AFAIK,
nothing was really discussed(?).

IMVHO, only the "users" group should stay (d-i and adduser should be
kept in sync regarding the added groups) and the other groups should be
dropped. ATM, the "passwd/user-default-groups" is marked as "for
internal use only" but maybe that should be made configurable if a user
has a specific need?

What is the position of the debian-installer maintainers here?

Kind regards,
Laurent Bigonville

[0] The default groups are: "audio cdrom dip floppy video plugdev netdev
scanner bluetooth debian-tor lpadmin"
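
An added example, not part of the original message: a shell function that reports which accounts are supplementary members of the groups listed in footnote [0], so an administrator of a multi-user machine can see who holds them. The function names and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Groups debian-installer adds the first user to (taken from footnote [0]).
DI_GROUPS="audio cdrom dip floppy video plugdev netdev scanner bluetooth debian-tor lpadmin"

# audit_di_groups GROUP_FILE
# Reads a file in /etc/group format (name:passwd:gid:member,member,...) and
# prints "user: group group ..." for every account that is a supplementary
# member of at least one group in DI_GROUPS. Primary-group membership (the
# gid field of /etc/passwd) is not covered by this check.
audit_di_groups() {
    awk -F: -v wanted="$DI_GROUPS" '
        BEGIN {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        ($1 in want) && $4 != "" {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] != "")
                    held[members[i]] = held[members[i]] " " $1
        }
        END { for (u in held) print u ":" held[u] }
    ' "$1" | sort
}

# Constructed sample in /etc/group format: alice stands for the user created
# by the installer, bob and carol for users created later.
sample_group_file() {
    cat <<'EOF'
root:x:0:
audio:x:29:alice
video:x:44:alice,bob
plugdev:x:46:alice
users:x:100:alice,bob,carol
sudo:x:27:alice
EOF
}

# Run against the local system only when asked to: ./script --system
if [ "${1:-}" = "--system" ]; then
    audit_di_groups /etc/group
fi
```

On a system that uses NSS sources other than local files, feed the function the output of `getent group` saved to a file instead of /etc/group.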