[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#426452: user-setup: Should allow preseeding to avoid adding initial user into local device groups

Quoting Petter Reinholdtsen (pere@hungry.com):
> Package:  user-setup
> Version:  1.11
> Severity: wishlist
> Tags:     patch
> In a large installation, it does not scale to add all users to the
> groups granting access to local devices on each machine.  In such
> configurations it is better to assign that access dynamically at
> login, using the pam_group and pam_foreground pam modules.

This is a longstanding discussion and, up to now, no perfect answer to
this has been found. We particularly had to fight with this while
maintaining shadow.

However, the mention you make about pam_foreground is new to me. Where
does this module come from?

It seems that it could be the one module that is OK to give access to
local devices to "the person who's sitting in front of the machine".

Which package does it belong to?

After all, we could more generally have an option in D-I to install
the system with that module activated unless disabled. Our current
hardcoded list of "useful groups" sucks anyway.

Attachment: signature.asc
Description: Digital signature

Reply to: