today I had some trouble with setting up /etc/security/group.conf for
adding some (disk,floppy,audio,video) groups to users logging in locally.
However, I finally solved the problem I have some remarks/questions:
1. In /etc/pam.d/login the line for pam_group.so is after @common-auth,
therefore it does not affect the user authenticated user. Is this a
2. Due /etc/pam.d/kdm is leaking this feature either I have to add the
same line, or I have to add the pam_group.so line to common-auth. Which
one is better? IMHO: because pam_group.so is giving privileges, it seems
not clever to add it to common-auth.