On Thu, 2009-02-26 at 13:01 +0000, Ben Hutchings wrote: > On Thu, 2009-02-26 at 08:31 +0100, Peter Palfrader wrote: > > This is of course broken. It breaks granting console users access > > to the netdev or powerdev groups through pam_groups, which is really > > really annoying when you get your users from say ldap. > > But that's broken to start with, since you can't revoke group > membership when the user logs out.
The group membership is only assigned to the process, not in the group database. I generally have something like: gdm; :*; *; Al0000-2400; audio,floppy,video,cdrom,scanner,plugdev,voice in /etc/security/group.conf to ensure that any user that is logged in on the console can do most things you can expect console users to do. So for a gdm session: % groups users voice cdrom floppy audio src video plugdev scanner But the NSS databases contain the following: % groups arthur arthur : users src I've found that with lenny for some things (dbus?) you need consolekit (I install policykit-gnome which has all the dependencies I need) to accomplish (part of?) what you did with secondary groups before. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part