1 |
Duncan, |
2 |
|
3 |
It should be pointed out that Gentoo already has something very close to |
4 |
what I'm suggesting here. /etc/login.defs has a setting, |
5 |
CONSOLE_GROUPS, which defines the "groups to add to the user's |
6 |
supplementary group set when logging in on the console". The default, |
7 |
reasonably, is to add no groups, but uncommenting the setting in this |
8 |
file adds groups floppy, audio and cdrom. |
9 |
|
10 |
Rather than describing this as a "very Bad Thing" the comments in the |
11 |
file simply instruct the sysadmin to "Use with caution". |
12 |
|
13 |
Unfortunately, this setting won't work with Hal and plugdev, which |
14 |
relies entirely on reading /etc/group. |
15 |
|
16 |
On Sat, 2007-10-20 at 04:32 +0000, Duncan wrote: |
17 |
> Lindsay said .... |
18 |
> > It would be a Good Thing if new local accounts could be added to group |
19 |
> > plugdev when they're created. |
20 |
> |
21 |
> It would *NOT* be a "Good Thing" (r), and in fact, would be a very "Bad |
22 |
> Thing" (r) to do this automatically when new users are created, as that |
23 |
> kills important aspects of the Unix/Linux security model, the entire |
24 |
> reason the generic "users" group isn't used in the first place. There |
25 |
> are good reasons sysadmins may not WANT every user to have automount |
26 |
> rights, and it's already possible to expand your newuser scripts locally |
27 |
> to automatically add a user to various groups, if you as sysadmin decide |
28 |
> that's what you want to do. |
29 |
|
30 |
-- |
31 |
Lindsay Haisley | "Everything works | PGP public key |
32 |
FMP Computer Services | if you let it" | available at |
33 |
512-259-1190 | (The Roadie) | http://pubkeys.fmp.com |
34 |
http://www.fmp.com | | |
35 |
|
36 |
|
37 |
-- |
38 |
gentoo-desktop@g.o mailing list |