How are people handling the setting of user groups for 'audio' et al needed for the console user in a network account environment such as NIS/YP? Where any user can log into any workstation? For a Debian default standalone installation the user is normally added to the set of console groups in /etc/group. I understand how that part works in great detail. The user logs into the console and is a member of the needed groups for audio and others on the console. But for networked account management with a large number of users adding every user to every console group has its own set of problems. On Red Hat / Fedora systems and I presume others they use the PAM module pam_console.so to set the ownership of files matching the lists in the /etc/security/console.perms file. This has obvious exploits. The Debian maintainer has decided not to include it in Debian and I think that is reasonable. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=69550 What is the best practice for handling this type of network account management in Debian? Thanks, Bob
Attachment:
signature.asc
Description: Digital signature