calamares/0003-do-not-set-default-users-group-on-home.patch

From a95be0ca5aae5fa08348b95e631671257effd457 Mon Sep 17 00:00:00 2001
From: codeworkx <codeworkx@cyanogenmod.org>
Date: Tue, 17 Nov 2015 21:55:50 +0100
Subject: [PATCH] don't set default "users" group on home dirs

Fixes CAL-345.

Changing group of home dir to the default "users" group might be a security risk
because every user which belongs to the default "users" group
might be able to access private data on home dirs of other users.
---
 src/modules/users/CreateUserJob.cpp |  4 +---
 src/modules/users/CreateUserJob.h   |  2 --
 src/modules/users/UsersPage.cpp     |  3 +--
 src/modules/users/UsersViewStep.cpp | 10 +---------
 src/modules/users/UsersViewStep.h   |  1 -
 src/modules/users/users.conf        |  2 +-
 6 files changed, 4 insertions(+), 18 deletions(-)

diff -urN calamares-1.1.4.2/src/modules/users/CreateUserJob.cpp calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.cpp
--- calamares-1.1.4.2/src/modules/users/CreateUserJob.cpp	2015-11-28 01:58:05.524593939 +1000
+++ calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.cpp	2015-11-28 01:58:31.115595103 +1000
@@ -33,13 +33,11 @@
 CreateUserJob::CreateUserJob( const QString& userName,
                               const QString& fullName,
                               bool autologin,
-                              const QString& userGroup,
                               const QStringList& defaultGroups )
     : Calamares::Job()
     , m_userName( userName )
     , m_fullName( fullName )
     , m_autologin( autologin )
-    , m_userGroup( userGroup )
     , m_defaultGroups( defaultGroups )
 {
 }
@@ -148,7 +146,7 @@
     ec = CalamaresUtils::chrootCall( { "chown",
                                        "-R",
                                        QString( "%1:%2" ).arg( m_userName )
-                                                         .arg( m_userGroup ),
+                                                         .arg( m_userName ),
                                        QString( "/home/%1" ).arg( m_userName ) } );
     if ( ec )
         return Calamares::JobResult::error( tr( "Cannot set home directory ownership for user %1." )
diff -urN calamares-1.1.4.2/src/modules/users/CreateUserJob.h calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.h
--- calamares-1.1.4.2/src/modules/users/CreateUserJob.h	2015-08-06 19:58:32.000000000 +1000
+++ calamares-1.1.4.2-patched/src/modules/users/CreateUserJob.h	2015-11-28 01:58:31.116595103 +1000
@@ -30,7 +30,6 @@
     CreateUserJob( const QString& userName,
                    const QString& fullName,
                    bool autologin,
-                   const QString& userGroup,
                    const QStringList& defaultGroups );
     QString prettyName() const override;
     QString prettyDescription() const override;
@@ -41,7 +40,6 @@
     QString m_userName;
     QString m_fullName;
     bool m_autologin;
-    QString m_userGroup;
     QStringList m_defaultGroups;
 };
 
diff -urN calamares-1.1.4.2/src/modules/users/users.conf calamares-1.1.4.2-patched/src/modules/users/users.conf
--- calamares-1.1.4.2/src/modules/users/users.conf	2015-08-19 20:52:13.000000000 +1000
+++ calamares-1.1.4.2-patched/src/modules/users/users.conf	2015-11-28 01:58:31.116595103 +1000
@@ -1,6 +1,6 @@
 ---
-userGroup:       users
 defaultGroups:
+    - users
     - lp
     - video
     - network
diff -urN calamares-1.1.4.2/src/modules/users/UsersPage.cpp calamares-1.1.4.2-patched/src/modules/users/UsersPage.cpp
--- calamares-1.1.4.2/src/modules/users/UsersPage.cpp	2015-11-28 01:58:05.523593939 +1000
+++ calamares-1.1.4.2-patched/src/modules/users/UsersPage.cpp	2015-11-28 01:58:31.116595103 +1000
@@ -94,7 +94,7 @@
 
 
 QList< Calamares::job_ptr >
-UsersPage::createJobs( const QString& defaultUserGroup, const QStringList& defaultGroupsList )
+UsersPage::createJobs( const QStringList& defaultGroupsList )
 {
     QList< Calamares::job_ptr > list;
     if ( !isReady() )
@@ -106,7 +106,6 @@
                                ui->textBoxUsername->text() :
                                ui->textBoxFullName->text(),
                            ui->checkBoxLoginAuto->isChecked(),
-                           defaultUserGroup,
                            defaultGroupsList );
     list.append( Calamares::job_ptr( j ) );
 
diff -urN calamares-1.1.4.2/src/modules/users/UsersViewStep.cpp calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.cpp
--- calamares-1.1.4.2/src/modules/users/UsersViewStep.cpp	2015-10-01 01:24:47.000000000 +1000
+++ calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.cpp	2015-11-28 01:58:31.117595103 +1000
@@ -113,21 +113,13 @@
 {
     m_jobs.clear();
 
-    m_jobs.append( m_widget->createJobs( m_userGroup, m_defaultGroups ) );
+    m_jobs.append( m_widget->createJobs( m_defaultGroups ) );
 }
 
 
 void
 UsersViewStep::setConfigurationMap( const QVariantMap& configurationMap )
 {
-    if ( configurationMap.contains( "userGroup" ) &&
-         configurationMap.value( "userGroup" ).type() == QVariant::String )
-    {
-        m_userGroup = configurationMap.value( "userGroup" ).toString();
-    }
-    if ( m_userGroup.isEmpty() )
-        m_userGroup = QStringLiteral( "users" );
-
     if ( configurationMap.contains( "defaultGroups" ) &&
          configurationMap.value( "defaultGroups" ).type() == QVariant::List )
     {
diff -urN calamares-1.1.4.2/src/modules/users/UsersViewStep.h calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.h
--- calamares-1.1.4.2/src/modules/users/UsersViewStep.h	2015-10-01 01:24:47.000000000 +1000
+++ calamares-1.1.4.2-patched/src/modules/users/UsersViewStep.h	2015-11-28 01:58:31.117595103 +1000
@@ -63,7 +63,6 @@
     UsersPage* m_widget;
     QList< Calamares::job_ptr > m_jobs;
 
-    QString m_userGroup;
     QStringList m_defaultGroups;
 };