On Tue, Oct 10, 2006 at 03:36:20PM +0200, Tim Dijkstra wrote: > That's not an argument someone can just 'chown :plugdev' something.
Crap. I knew I'd overlook something. I think you could still prevent that with SELinux though :-) On the other hand I was thinking about if in your case basically all user needs to be a member of all these groups anyway, then there is no point in having these groups at all. Just make pmount executable by anyone, and edit /etc/dbus-1/system.d/{avahi-dbus.conf,hal.conf} and replace '<policy group="powerdev">' etc. with '<policy context="default">' or with '<policy at_console="true">'. Similarly, if all users have read(/write) access to a device because all users are part of the group owning the device node, then you can just make that device node a+r(/a+w) and forget about the group. Of course there may be services running under other uids that you do not want to give all access humans has; it has to be decided. Gabor -- --------------------------------------------------------- MTA SZTAKI Computer and Automation Research Institute Hungarian Academy of Sciences --------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]