Add a qubes group and then add the user 'user' to the group

This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access

archlinux/PKGBUILD.install

@@ -209,9 +209,13 @@ pre_install() {
   # Add qubes core related fstab entries
   echo "xen	/proc/xen	xenfs	defaults	0 0" >> /etc/fstab
 
+  # Add a qubes group
+  groupadd --force --system --gid 98 qubes
+
   # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
   # See https://bugs.archlinux.org/task/31831
   useradd --shell /bin/zsh --create-home user
+  usermod --groups qubes user
 }
 
 ## arg 1:  the new package version

debian/qubes-core-agent.preinst

@@ -35,28 +35,34 @@ set -e
 
 if [ "$1" = "install" ] ; then
     # --------------------------------------------------------------------------
-    # Create required directories
+    # Required groups
     # --------------------------------------------------------------------------
-    mkdir -p /var/lib/qubes
-    mkdir -p /lib/modules
-    #mkdir -p -m 0700 /var/log/xen  # xen-utils-common should do this
-
-    # --------------------------------------------------------------------------
-    # Remove `mesg` from root/.profile?
-    # --------------------------------------------------------------------------
-    sed -i -e '/^mesg n/d' /root/.profile
+    groupadd --force --system --gid 98 qubes
+    groupadd --force --system sudo
 
     # --------------------------------------------------------------------------
     # User add / modifications
     # --------------------------------------------------------------------------
     id -u 'user' >/dev/null 2>&1 || {
-        useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
+        useradd --user-group --create-home --shell /bin/bash user
     }
     id -u 'tinyproxy' >/dev/null 2>&1 || {
-        useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy
+        useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy
     }
     usermod -p '' root
-    usermod -L user
+    usermod -L --groups qubes,sudo user
+
+    # --------------------------------------------------------------------------
+    # Create required directories
+    # --------------------------------------------------------------------------
+    mkdir -p /var/lib/qubes
+    mkdir -p /lib/modules
+    #mkdir -p -m 0700 /var/log/xen  # xen-utils-common should do this
+
+    # --------------------------------------------------------------------------
+    # Remove `mesg` from root/.profile?
+    # --------------------------------------------------------------------------
+    sed -i -e '/^mesg n/d' /root/.profile
 fi
 
 if [ "$1" = "upgrade" ] ; then

rpm_spec/core-vm.spec

@@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do
 done
 
 %pre
+# Make sure there is a qubes group
+groupadd --force --system --gid 98 qubes
+id -u 'user' >/dev/null 2>&1 || {
+  useradd --user-group --create-home --shell /bin/bash user
+}
+usermod --groups qubes user
 
 if [ "$1" !=  1 ] ; then
 # do this whole %pre thing only when updating for the first time...
@@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then
 mv /etc/fstab /var/lib/qubes/fstab.orig
 fi
 
-adduser --create-home user
 usermod -p '' root
 usermod -L user