#1103776 adduser: Please mention newgrp in man page

Package:
adduser
Source:
adduser
Submitter:
Tomas Pospisek
Date:
2026-06-17 21:09:02 UTC
Severity:
normal
Tags:
#1103776#5
Date:
2025-04-21 12:44:35 UTC
From:
To:
Hello dear adduser maintainer(s),

I swear, *every* time I do `adduser user group` I have
to look up on the internet how to make that group available
to that user in a running shell session...

The attached patch adds two phrases to the "Add an existing user
to an existing group" paragraph that tells the reader to use
`newgrp` to achieve that and mentions `newgrp` in the
"SEE ALSO" section.

I'd be glad if you could include this in the man page so I
(and probably others) can stop looking it up on the internet
each time...

Best greetings and thank you for your work on `adduser`.
*t

#1103776#10
Date:
2025-04-21 19:16:32 UTC
From:
To:
Hi,

I am totally not sure whether this is appropriate. I agree that this
behavior is a quick of many operating systems, but I don't think that
adduser should begin to document operating system quirks. People might
see this as an issue in adduser, which it isn't.

Greetings
Marc

#1103776#15
Date:
2025-04-21 21:14:47 UTC
From:
To:
Hi Marc!

Well, I mean the goal of "adduser user group" is to add a user to a
group... except that - it doesn't. As a user of adduser I'm not really
interested who's fault it is - I just want to get the job done.

At some point I have somehow found out that using some other magic in
addition is necessary. Other users of adduser might not know and just
think that `adduser user group` doesn't work or is broken or ...

As I said - the user doesn't and shouldn't actually need to care where the
blame lies...

So why not give the user a hand to get the job done?
*t

#1103776#20
Date:
2025-04-22 07:35:19 UTC
From:
To:
It adds the user to the group. It is not adduser's fault that /etc/group
is just read on login.

That is not magic, it's basic Unix semantic.
in the last release cycle literally days to clean adduser's man pages of
redundant information to make it easier to maintain them. This would be
counterproductive.

Greetings
Marc

P.S.: I keep falling into that trap myself

#1103776#25
Date:
2025-04-22 13:54:48 UTC
From:
To:
I think you're confusing what you want done with what is actually done.

The command "adduser foo bar" updates system records to indicate that
user "foo" has membership in supplementary group "bar". The goal of this
command is to update these records, and it ~does~ do this.

The fact that existing shell sessions must be reinitialized is really
just part of how the OS works.

I actually wouldn't rely on "newgrp" too much for this purpose. It may
not work the way you think.

For example, on Debian "newgrp" creates subprocesses instead of
replacing the shell. On some systems, the shell actually is replaced.

Try this...

$ pstree -ps $$
$ newgrp
$ pstree -ps $$

It may illustrate what I'm talking about. You get a subshell, and you
need to exit or logout twice to get out now.

This is the case on my system, which is older… may have been updated.

In light of this, I think "newgrp" is more useful for temporarily
assuming a group identity to do some stuff and then backing out to your
login identity.

You can tell users to run "newgrp" when you add them to a group, but
they'll have to do this in every open session. Also, they may be
confused if they exit the new shell and they go back to their old
identity.

The way to avoid any confusion, I've found, is just to tell the user to
"fully logout and log back in" and then go about their business.

I don't think the adduser man page should make mention of newgrp. We
don't own that tool (the "login" package does).

Best,

#1103776#30
Date:
2025-04-22 14:13:03 UTC
From:
To:
To follow up on what I said here, I also want to address the patch you
provided as this may be different than what you think as well.

If you do…

# adduser foo bar

… you have added user "foo" to group "bar" where the latter is now
a supplementary group for the former (i.e., you've updated system
records).

If the user now runs "newgrp bar", the user will assume "bar" as their
primary group. This is ~not~ the same as having the group appended to
their supplementary groups in their current shell session.

There are other differences, but "log out & log in" remains the best and
most complete and correct advice for this situation. It provides the
most predictable result for the user.

#1103776#35
Date:
2025-04-22 14:21:42 UTC
From:
To:
Hi Jason,

thanks for presenting your arguments!

The man page says:

    Add an existing user to an existing group
        If called with two non-option arguments, adduser will add an
        existing user to an existing group.

It doesn't talk about anything of what you've written above. The canonical
tool to verify whether a user is member of a group is `id`:

     $ sudo adduser joe fancyusers
     $ id
     uid=1000(joe) gid=1000(joe)
     groups=1000(joe)

which tells me that adduser in fact did *not* add the user to the group.

In my opinion the goal of Debian is to serve its users. When the manpage
is quiet about why after adding a user to a group the user is still not
member of the group then that is *not* serving the user IMO.

I can agree to that.

So let's point the user to some explanation instead of not doing what a
user without any additional experience would expect and not saying
anything about the problem that `adduser user group` has.

The adduser man page doesn't own anything. It lives in a context, which is
Unix I'd guess, and can try to be useful in that context. So if
adduser behaves in some unexpected way when interacting with Unix then
it should tell the user IMO.

?
*t

#1103776#40
Date:
2025-04-22 14:24:13 UTC
From:
To:
I agree with that
#1103776#45
Date:
2025-04-22 16:18:42 UTC
From:
To:
The question then is whether or not we want the man page to be more
helpful in describing the effects of this use case.

Maybe it could say something like this…

This is a minimal change that at least makes note of something that may
be surprising to a person who has limited familiarity with how Debian
works.

Would this type of change help?

Marc, do you think this is reasonable?

#1103776#50
Date:
2025-04-22 16:43:56 UTC
From:
To:
I am still not a fan. That additional language needs to be maintained,
translated, proofread, and discussed. I'd rather not having to do that.

Greetings
Marc

#1103776#55
Date:
2025-04-22 18:30:55 UTC
From:
To:
I am in agreement with Marc here.

I have not been as involved, so my opinion is of minimal value.

Still, I think there is a limit to how helpful a manpage can be. There
has to be a stopping point somewhere, with a general expectation that
users will be at least somewhat familiar with their system.

When user account attributes (of many types) are modified, the
expectation is generally that a user logs in again to have those changes
take effect. This is just "one of those things" you know after dealing
with Debian (or any other distro) for even a little while.

Best,

#1103776#60
Date:
2025-04-23 10:01:45 UTC
From:
To:
So I suggest to add just *one* *single* phrase:

"The added group will not be visible in current user sessions"

Is that an acceptable compromise between "the user is left completely in
the dark" and "maintaining additional words adds too much of a workload"?
*t

#1103776#65
Date:
2025-04-24 08:38:03 UTC
From:
To:
There will be a bug report "please make added groups visible in current
user sessions" since this sentence suggests that it's a design decision
in adduser.

"Leaving people in the dark" is suggesting that the adduser maintainers
act in bad faith. We Don't.

#1103776#70
Date:
2025-04-24 09:10:41 UTC
From:
To:
Because if there is no desire to improve the situtation for the user then
there is no point discussing semantics of words. This discussion has been
going on for a dozen of posts with me trying to improve the situtation of
the `adduser` user but I have yet to see a constructive reply from you
Marc - constructive in the sense "yes this is a problem and yes I want to
improve the life of an `adduser` user".

So if there's no desire to improve the adduser manpage or adduser with
respect to the problem at hand then there's no point in spending time
discussing it, or am I misunderstanding something?

I do understand your concern Marc, that any byte published is a byte that
needs to be maintained. But if that is the argument that tops all the
others then no change is possible.

Again: if there's no will to change anything and if that is the top
argument then there's no point in further discussion.
*t

#1103776#75
Date:
2025-04-28 17:03:21 UTC
From:
To:
Hello Tomas,
hello Marc,
hello Jason,
sorry for comming in late into the discussion, I was offline for some
days.

Regarding the translations:
If desired, I can quickly poll all active translators for the update.
Preferrably this week, as I have some time.

Regarding the proposal:
I agree that a man page for a command should not be a general
tutorial. But I would not see this as strict - if there is a more
general misconception or something helpful for the users, I would
personally add it. And the last proposal "A logged in user will need
to log out and log back in for the change to take effect." sounded
quite sensible to me, not overreaching.

But in the end, of course, it is Marcs decision.

Greetings

          Helge

#1103776#82
Date:
2026-06-17 21:06:33 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1103776@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Wed, 17 Jun 2026 22:36:50 +0200
Source: adduser
Architecture: source
Version: 3.157
Distribution: unstable
Urgency: medium
Maintainer: Debian Adduser Developers <adduser@packages.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Closes: 472820 1101457 1103776 1118210 1133696 1137602 1137603
Changes:
 adduser (3.157) unstable; urgency=medium
 .
   [ Marc Haber ]
   * add script that runs the testsuite without autopkgtest
     (Closes: #1101457)
   * add a NOTE to adduser.8 regarding group membership (Closes: #1103776)
   * implement adduser --force-home.
     Thanks to Jeff Hanson (Closes: #472820)
   * Add new Romanian program and man page translation.
     Thanks to Remus-Gabriel Chelu (Closes: #1137603, #1137602)
   * update dutch program translation.
     Thanks to Frans Spiesschaert (Closes: #1118210, #1133696)
 .
   [ Dustin Kirkland ]
   * Add support for encrypting home directories
     * adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
       for the hard work.
     * doc/adduser.8: document the --encrypt-home option
     * debian/control: suggest ecryptfs-utils >= 67-1
     * deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
 .
   [ Mateus Rodrigues de Morais ]
   * Add encrypted home tests with isolation-machine restriction
Checksums-Sha1:
 b013d8fc97493cdf5e8cf4155155124251e26609 1811 adduser_3.157.dsc
 c1dca503370a1be803518247a2a27f85b0fcb114 361112 adduser_3.157.tar.xz
Checksums-Sha256:
 a3e806b5e4861c8d1bef55ba184affeade86bd4acf377c7877a63f68ec0c8f56 1811 adduser_3.157.dsc
 78f64b02b2962437ef6d371126e922e71fe5024f943bef7240b6178d74d0a0e9 361112 adduser_3.157.tar.xz
Files:
 5393614c69f578219ca8e41bc8da9db9 1811 admin important adduser_3.157.dsc
 f3bf3ff2c9543a952d28f0f7cd3b494b 361112 admin important adduser_3.157.tar.xz
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmozBnwACgkQj3cgEwEy
BEImHg/8Dldd0Y8goqdMtiy05SQOZHtfhHj5W4lAjjzrOwdFR57LCG3yovNcFnmS
HYV39yd9NPkGY4/N2UKnrpeTvpVXGzjur1YNZlAj/wj1OaxXzZAfDj20NxENEFpm
OdicbAcF9vddB2tdG+wdYzg7wOAmWkGBg65IPbxzA29Ki+etRoyb/az5TVQsGpCI
Uy40sbEnGLQ4VGcRroPEiZkLzo+MEwKCSVkamW6Wil3ZsVBLIaJfrWOewU38cGeW
YLvVvC1pGWGyNtsztz5dLfAo3cNsisoq4ZWFzJFmG60Ic9D0fQ3Ml+QgmU6QMRpr
Gry9rHGMfLjWR+a3m026z+a3EzSYQbyQopqrg5OCWL11BjLZTkDg0cxC/ebuKEBE
cnl3DU+WZ0GSlF3LhKIBwuHv6Eoppaq1655/JdWhp70gNNGVMIxsR9SH8S/7A2OT
apNTWv5ddt3lag9iiRYBwAI6aoXHaobOGN4/gC33RAl4H8qJP0oWgQsI5m9t0o+V
TqQ4KlWU/qFjDfjC4BYy07flPa2XEMDP/UhI6mxzFhel9a8+8ed+F0GUmyvjTg8N
wbqBleLLiAjIMEwAPIMbe5Pf91ulsffXGTe4PKRvj0nvoIcAv5aui1SO+9hH5fLr
tnvonWtY8/FcBQLD+zEO7YWpu5EXOj4wrBYgDW5cz+8Udch3Xnw=
=uajK
-----END PGP SIGNATURE-----