@vorlon on the question of where it's added by default, that's in the
cloud-init default configuration which lives in /etc/cloud/cloud.cfg and
contains the following stanza (redacted for brevity):
system_info:
...
default_user:
...
groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev,
sudo, video]
I'd echo xnox's point that as the user is being added to adm and sudo, I
don't think there's any particular security concern here.
On the subject of choice of groups, it would be nice to echo raspios'
setup which is to use a "gpio" group to permit access to the GPIO
related devices (/dev/gpiomem, /dev/gpiochip*), an "spi" group for the
SPI buses (/dev/spidev*), and an "i2c" group for the I2C buses
(/dev/i2c-*).
However, I ran out of time to go fiddling with defining new groups and
ensuring the default user is in all those new groups on both the desktop
and server images. Upstream in Debian (and hence in Ubuntu), "dialout"
is already used for GPIO access (which makes sense given the serial pins
are part of the GPIO header, just like SPI and I2C), and (as noted
above) we already add the user to this group on the server image, so it
seems a reasonable approach to achieve the ultimate goal of providing
the default user access to the GPIO header without having to jump to
root to do so.
And just to answer @xnox's query as to what exactly this is for, it's
access to the GPIO header as a whole, including i2c, gpiomem (although
ideally gpiochip* actually as that's the preferred device to use for
GPIO access now), etc. just in case that's not clear from the above.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1923363
Title:
[FFe] Users are not added to the dialout group
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1923363/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
