You are not logged in.
I'm trying to setup some security measures for the Arch users in our company (including me). One of the policy I have in mind is to keep the members in group "root" to a minimum, if possible just root itself.
I stumbled upon the user "brltty" that is in the root group on my system ("brltty" is for braille support and a required dependency of e.g. quemu):
$ cat /etc/group | grep "root"
root:x:0:brltty,rootThe change was introduced in January 2021 by adding the following to a systemd sysuser group patch:
# for USB I/o via USBFS (/dev/bus/usb/*/*)
SupplementaryGroups=rootAt least the account is disabled, so one cannot login as brltty:
$ cat /etc/shadow | grep brltty
brltty:!*:18660::::::On a Ubuntu system with brltty installed, the user is not in root group.
I'm wondering if it's really needed that the user is added to the root group or whether there are alternatives?
Thanks!
PS: I'm not sure whether the forum or a bug report is the best place to start with. But decided to discuss first before raising a bug report.
Last edited by mpdeimos (2021-03-19 08:10:29)
Offline
So, apparently SupplementaryGroups=root, does not override /etc/group, as far as i can tell
Offline
You are right, it's the file usr/lib/sysusers.d/brltty.conf that adds the user to root (twice):
...
# for USB I/o (/dev/bus/usb/*/*)
m brltty root
...
# for creating virtual devices (/dev/uinput)
m brltty root
...Also checked Ubuntu, and as expected there is no sysusers configuration. I guess I'll just contact the package owner regarding this.
Offline
Sounds good to me
Please mark as solved
Offline