On Tue, 10 Oct 2006 18:10:42 +0200 Gabor Gombas <gombasg@sztaki.hu> wrote:

> On Tue, Oct 10, 2006 at 03:36:20PM +0200, Tim Dijkstra wrote:
>
> > That's not an argument someone can just 'chown :plugdev' something.
>
> Crap. I knew I'd overlook something. I think you could still prevent
> that with SELinux though :-)

Have to read up on SELinux some day, but not now ;)

> On the other hand I was thinking about if in your case basically all
> user needs to be a member of all these groups anyway, then there is no
> point in having these groups at all. Just make pmount executable by
> anyone, and edit /etc/dbus-1/system.d/{avahi-dbus.conf,hal.conf} and
> replace '<policy group="powerdev">' etc. with '<policy
> context="default">' or with '<policy at_console="true">'.
> Similarly, if all users have read(/write) access to a device because all
> users are part of the group owning the device node, then you can just
> make that device node a+r(/a+w) and forget about the group.
>
> Of course there may be services running under other uids that you do not
> want to give all access humans has; it has to be decided.

Yes, that doesn't seem like the right solution. In any case, I'm kind of
happy with my current setup. I was just trying to point out that
pam_group has its drawbacks.

grts
Tim