useradd no group created automatically

Why is the USERGROUPS_ENAB variable in /etc/login.defs set to “no” by default unlike most other Linux distributions which default to “yes”? The result that’s troubling me in my script is that

/usr/sbin/useradd uname

does not create a uname group automatically.

Some linux distros do that. I have never understood why. It is entirely pointless.

This allows having group-accesible files by default, which in turn is useful when you want to have common project - set project directory SGID bit and common project files will belong to common group and be accessible by this group.

I was not saying that groups are pointless.

Automatically creating groups with exactly one member is pointless.

While you and the OP might see a use for it (and you are not alone, else the feature would not be there), I do not see any reason why it should be “on” as default.

So the answer to thew OP’s question

Why is the USERGROUPS_ENAB variable in /etc/login.defs set to “no” by default unlike most other Linux distributions which default to “yes”?

is probably:
a) because when all distributions would be the same, having distributions would be pointless;
b) it is in my point of view a niche feature, that should thus be there to be switched on by the needed and not by default;
c) I have no idea why it is different in “other Linux distributions”, ask there.

And of course, when one writes scripts, there is always something that one forgot to check first before assuming that it is as one wishes it is. Specialy when you write something that should run on all versions of all distributions (or even on all Unixes). Every file should be checked for existence before usage, every configuration setting should be checked before using it, etc. Life of a programmer is hard :frowning:

Use the -U option in your script and the user-group is created automatically regardless of the settings in /etc/login.defs:

/usr/sbin/useradd -U uname

From the “useradd” man page:

      **-U, --user-group
**           Create a group with the same name as the user, and add the user to
           this group.

           The default behavior (if the **-g**, **-N**, and **-U** options are not
           specified) is defined by the **USERGROUPS_ENAB** variable in
           /etc/login.defs.

I intend on using the -U option and not depend on USERGROUPS_ENAB being set to “yes”. That being said, there’s something to be said for precedence. If virtually all other Linux distributions have something turned on by default, it’s counterproductive to turn it off by default unless there’s a good reason. I can’t think off and haven’t seen a good reason yet.

Feel free to file a bug report.

This has not and will not be decided here in these (user) forums.
The people that made this decision probably won’t even read it here.

I have to agree with the previous posters though, I see no point in having this enabled by default.

Someone could also have made the decision to disable by default based on common security principles…

The first consideration would be how often the setting would be used and then even if it’s required for common functionality.

“Best Practice” is always to disable anything that’s not needed by default, but can also be balanced with convenience and needs of your target audience.

So, in this case even if the mentioned Group is commonly seen elsewhere, if it’s really not essential for common use then enabling by default should be questioned.

The “noname” group wouldn’t be the only commonly seen Group disabled in openSUSE, you’ll also find the “wheel” group missing or disabled as well (from my experience).

TSU