[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Console User Groups Best Practice?

How are people handling the setting of user groups for 'audio' et al
needed for the console user in a network account environment such as
NIS/YP?  Where any user can log into any workstation?

For a Debian default standalone installation the user is normally
added to the set of console groups in /etc/group.  I understand how
that part works in great detail.  The user logs into the console and
is a member of the needed groups for audio and others on the console.
But for networked account management with a large number of users
adding every user to every console group has its own set of problems.

On Red Hat / Fedora systems and I presume others they use the PAM
module pam_console.so to set the ownership of files matching the lists
in the /etc/security/console.perms file.  This has obvious exploits.
The Debian maintainer has decided not to include it in Debian and I
think that is reasonable.

What is the best practice for handling this type of network account
management in Debian?


Attachment: signature.asc
Description: Digital signature

Reply to: