From 0f9c6f29f31405822fb22d4be9924eea479d52dd Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Wed, 29 Mar 2023 16:19:27 -0400
Subject: [PATCH] Remove KOLIBRI_USER (kolibri) secondary group 'disk'

---
 roles/kolibri/tasks/install.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml
index e27a66510..df74817e4 100644
--- a/roles/kolibri/tasks/install.yml
+++ b/roles/kolibri/tasks/install.yml
@@ -26,9 +26,8 @@
 - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk
   user:
     name: "{{ kolibri_user }}"
-    groups:
-      - "{{ apache_user }}"
-      - disk    # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups
+    groups: "{{ apache_user }}"    # 2023-03-29: Not really necessary (Kolibri is demonstrated to work without group 'www-data').  But it likely doesn't hurt.
+      #- disk    # 2023-03-29: Tested to be unnec with USB sticks (with 64-bit RasPiOS).  FWIW group 'disk' is "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups
     state: present
     shell: /bin/false
     system: yes