(Steve CC'ed as I'm unsure that [EMAIL PROTECTED] will reach you otherwise)
In a desperate attempt to deal with #166718, #212452, #233894, #239006, #240707 all requesting the very same thing with different wording, I tried to use pam_group to see whether it can achieve what's requested in these bugs (basically, give access to some groups to "console" users). I added the following in /etc/pam.d/common-auth: (just to make it simple, actually) auth optional pam_group.so Then in /etc/security/group.conf: # Useful groups for console users *;tty*&!ttyp*&:0;*;Al0000-2400;audio cdrom floppy games plugdev video The ":0" is here to give access to users logged through a display manager such as gdm/kdm/xdm: [EMAIL PROTECTED]:~/tmp/mutt> who root tty1 Oct 7 17:31 bubulle :0 Oct 7 18:33 spongebo :1 Oct 7 18:33 (Yes, I run two displays on my laptop, bubulle being logged on one and spongebob on another one and, yes, I'm a Sponge Bob fan) However, while it works fairly well for users logged on tty terminal, I can't manage to get this working for X users. So, a few questions I have: 1) is using pam_group a completely silly solution which will never be implemented by default because of limitations mentioned in the PAM doc (users can compile a setgid binary and have it run a shell so that they get access to the group even when they're not on the authorized terminal) ? 2) do I use the right syntax in /etc/security/group.conf? Obviously not, but what is then the right syntax? :-)
