From 6ea2a3ce82268d90761b13bd17449bff1da6541e Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout <arnaudr@kali.org>
Date: Mon, 4 Apr 2022 15:28:57 +0700
Subject: [PATCH] Add kali user to additional groups one by one

Up to now, it was fine to use a command such as:

    usermod -a -G group1,group2,... kali

However a limitation is that all the groups that are given to the option
-G must exist. If that's not the case, usermod fails (return code: 6)
without doing anything, and the user is not added to any group.

So with this commit, we prepare the code to support optional groups,
that might or might not exist. If ever a group does not exist, it's
skipped silently.
---
 .../usr/lib/live/config/0031-kali-user-setup               | 7 +++++--
 kali-config/common/includes.installer/kali-finish-install  | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup
index 5fc6df0..31af2ba 100755
--- a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup
+++ b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup
@@ -22,9 +22,12 @@ configure_usergroups() {
     # dialout - for serial port access
     # kaboxer - for kaboxer
     # wireshark - capture sessions without being root
-    kali_groups="adm,dialout,kaboxer,wireshark"
+    kali_groups="adm dialout kaboxer wireshark"
 
-    usermod -a -G $kali_groups kali || true
+    for grp in $kali_groups; do
+	getent group $grp >/dev/null || continue
+	usermod -a -G $grp kali
+    done
 }
 
 # Avoid configuring multiple times in case persistence is enabled
diff --git a/kali-config/common/includes.installer/kali-finish-install b/kali-config/common/includes.installer/kali-finish-install
index 11e7e2e..74c4322 100755
--- a/kali-config/common/includes.installer/kali-finish-install
+++ b/kali-config/common/includes.installer/kali-finish-install
@@ -60,11 +60,14 @@ configure_usergroups() {
     # dialout - for serial access
     # kaboxer - for kaboxer
     # wireshark - capture sessions in wireshark
-    kali_groups="adm,dialout,kaboxer,wireshark"
+    kali_groups="adm dialout kaboxer wireshark"
 
     for user in $(get_user_list | grep -xv root); do
 	echo "INFO: adding user '$user' to groups '$kali_groups'"
-	usermod -a -G "$kali_groups" $user || true
+	for grp in $kali_groups; do
+	    getent group $grp >/dev/null || continue
+	    usermod -a -G $grp $user
+	done
     done
 }