Package: debian-reference-en Version: CVS HEAD Severity: wishlist Tags: patch
There's a regular problem on irc with newbies who've not got permission to access various hardware devices. The reference manual should get this out of the way early, and explain groups and that it's the job of the root user to grant permission to various hardware devices etc. This has bearing on bug #403755. Apply patch with: cd qref/en ; patch -p1 < group.patch Note that I used the long option names. I don't know if that's in line with the manual's regular style. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
diff -ruN en.old/tune.sgml en/tune.sgml --- en.old/tune.sgml 2007-01-18 16:31:58.000000000 -0600 +++ en/tune.sgml 2007-09-03 21:51:12.000000000 -0500 @@ -208,7 +208,7 @@ auth sufficient pam_wheel.so trust group=adm </example> -<sect1>Purposes of standard groups +<sect1 id="standard-groups">Purposes of standard groups <p> A few interesting groups: <list compact> diff -ruN en.old/tutorial.sgml en/tutorial.sgml --- en.old/tutorial.sgml 2006-01-22 02:33:11.000000000 -0600 +++ en/tutorial.sgml 2007-09-03 23:27:33.000000000 -0500 @@ -66,6 +66,7 @@ <item>set file ownership and permission of any files on the system <item>set the password of any non-privileged users on the system <item>login to any accounts without their passwords +<item>allow ordinary accounts to access hardware devices: audio speakers, floppy drives, cd drives, scanners, etc. </list> <p> It is extremely bad idea to share the access to the root account by @@ -124,16 +125,33 @@ ... answer all the questions </example> will create it. -<footnote> -You may want to add this user <tt><var>penguin</var></tt> to the -<tt>adm</tt> group to enable read access to the many logfiles in -<file>/var/log/</file>. See <manref name="passwd" section="5">, <manref -name="group" section="5">, <manref name="shadow" section="5">, <manref -name="group" section="5">, <manref name="vipw" section="8">, and <manref -name="vigr" section="8">. For the official meanings of users and + +<sect1 id="granting-access">Granting access to privileged hardware and data +<p> +You may (or may not) want to grant the <tt><var>penguin</var></tt> user +read access to the many logfiles in +the <file>/var/log/</file> directory, or may (or may not) want to enable +write access to attached speakers so that the user can listen to music. +<p> +To ease administration and allow many people to share the same set of +access rights, the necessary permissions have already been granted to +what are known as <strong>groups</strong>. The <tt>adm</tt> group is allowed +read access to various administrative files, and the <tt>audio</tt> +group is allowed write access to the various hardware components which +drive the speakers. All that remains is to put the <tt><var>penguin</var></tt> +user into both groups. +<example> +root@<var>foo</var>:root# usermod --append --groups adm,audio penguin +</example> +<p> +See <ref id="standard-groups">, or for the official meanings of users and groups, see a recent version of the <url id="&f-users-and-groups;" name="Users and Groups"> document. -</footnote> +See also <manref name="passwd" section="5">, <manref +name="group" section="5">, <manref name="shadow" section="5">, <manref +name="group" section="5">, <manref name="vipw" section="8">, and <manref +name="vigr" section="8">. +<p> Before going further, let's learn few things first. <sect1 id="sw-console">Switch between virtual console