On Wed, 30 Aug 2023 at 11:44:56 +0200, Michael Biebl wrote:
> [iwd] triggers a warning on every start or reload of dbus:
>
> Aug 08 20:01:51 pluto dbus-daemon[706]: Unknown group "wheel" in message bus
> configuration file
>
> I do consider this a bug in the configuration that is shipped by the iwd
> package.
I agree with Michael. Debian packages should only refer to groups
that are reserved by base-passwd, the package itself, or the package's
dependencies.
This is arguably even a security issue: the "wheel" group name is not
reserved on Debian systems, so there would be nothing preventing a user
(presumably one without knowledge of 1980s Unix tradition or conventional
group names in non-Debian distros) from creating a new user/group of
that name, not expecting that it would grant extra privileges.
The closest Debian equivalent of other distros' wheel group is the
sudo group, as defined by base-passwd.
(It would probably also be better if iwd could avoid group-based policy in
dbus-daemon configuration files and instead use polkit to query policy,
but I realise that's non-trivial upstream development work, and it's
out of scope for this particular bug.)
smcv
