Quoting Petter Reinholdtsen (email@example.com): > > Package: user-setup > Version: 1.11 > Severity: wishlist > Tags: patch > > In a large installation, it does not scale to add all users to the > groups granting access to local devices on each machine. In such > configurations it is better to assign that access dynamically at > login, using the pam_group and pam_foreground pam modules. This is a longstanding discussion and, up to now, no perfect answer to this has been found. We particularly had to fight with this while maintaining shadow. However, the mention you make about pam_foreground is new to me. Where does this module come from? It seems that it could be the one module that is OK to give access to local devices to "the person who's sitting in front of the machine". Which package does it belong to? After all, we could more generally have an option in D-I to install the system with that module activated unless disabled. Our current hardcoded list of "useful groups" sucks anyway.
Description: Digital signature