Ryan Lovett wrote:
We manage sound and video devices on our workstations with libpam-devperm, however, the sound and video devices do not change, whereas the devices for pluggable USB drives do. (so we'd have to use your group management trick) Is there a PAM module you have in mind which could perform such a trick?
I've not tried it, but the pam_group module that ships with pam looks like it should let you grant transient group memberships at login time:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.8Perhaps it would be worth considering this or something similar for granting access to plugdev, audio and video on a stock sarge install, rather than the current slight bodge of just adding the 1st user to the relevant groups?
Ryan
Regards, Rob