On Tue, 2016-04-19 at 06:07 +0200, Christian PERRIER wrote: > > > Control: reassign -1 user-setup > > Quoting Felipe Sateler ([email protected]): > > > > > > > > Control: reassign -1 debian-installer > > > > On 18 April 2016 at 13:06, Corcodel Marian <[email protected]> > > wrote: > > > > > > > > > > > > > > Any way pulseaudio is default sound server on debian and suggest > > > to do not put > > > users on audio group because cross interference with alsa > > > programs, now alsa is > > > for power users and pulseaudio is on default. > > Pulseaudio does not add the user to the audio group. I'm guessing > > the > > installer does, so I reassign there. > Adding the *first created* user to so-called "useful" groups is done > by user-setup. > > We'll need a detaailed explanantion abou twhy this shouldn't be done > anymore, including all possible use cases of the installer.
I don't know where you get this 'all possible use cases of the
installer' from. Adding the first user to device access groups only
ever made sense for single-user desktop/mobile systems. The installer
doesn't make device access work automagically for other local users of
multi-user desktop/mobile systems, nor does it do the right thing for
servers - where the first user is likely to be a remote admin (and
often one of a team of admins who shuld have the same privileges).
systemd installs udev rules (/lib/udev/rules.d/70-uaccess.rules) that
add the 'uaccess' tag to many kinds of devices. systemd-logind then
adds locally logged-in users to the ACLs for the corresponding device
nodes. This makes all or most of the groups for local device access
redundant.
I've done a quick test of removing myself from the device access groups
on a current GNOME desktop, with these results:
- audio: redundant, I'm on the ACL for /dev/snd/*
- cdrom: redundant, I'm on the ACL for /dev/sr0
- floppy: unknown, but expect this to work like cdrom
- video: redundant, I'm on the ACL for /dev/video0
- plugdev: redundant, I'm on the ACL for /dev/bus/usb/002/006
- netdev: redundant, I'm on the ACL for /dev/rfkill
- scanner: redundant, I'm on the ACL for /dev/sg2
- bluetooth: unknown, seems broken whether or not I'm a member of the group
The other groups (dip, debian-tor, lpadmin, sudo) make more sense,
though CUPS should probably be changed to treat sudo like lpadmin.
Ben.
--
Ben Hutchings
Usenet is essentially a HUGE group of people passing notes in class.
- Rachel Kadel, `A Quick Guide to Newsgroup Etiquette'
signature.asc
Description: This is a digitally signed message part
