Duncan,

It should be pointed out that Gentoo already has something very close to
what I'm suggesting here.  /etc/login.defs has a setting,
CONSOLE_GROUPS, which defines the "groups to add to the user's
supplementary group set when logging in on the console".  The default,
reasonably, is to add no groups, but uncommenting the setting in this
file adds groups floppy, audio and cdrom.

Rather than describing this as a "very Bad Thing" the comments in the
file simply instruct the sysadmin to "Use with caution".

Unfortunately, this setting won't work with Hal and plugdev, which
relies entirely on reading /etc/group.

On Sat, 2007-10-20 at 04:32 +0000, Duncan wrote:
> Lindsay said ....
> > It would be a Good Thing if new local accounts could be added to group
> > plugdev when they're created.
>
> It would *NOT* be a "Good Thing" (r), and in fact, would be a very "Bad 
> Thing" (r) to do this automatically when new users are created, as that 
> kills important aspects of the Unix/Linux security model, the entire 
> reason the generic "users" group isn't used in the first place.  There 
> are good reasons sysadmins may not WANT every user to have automount 
> rights, and it's already possible to expand your newuser scripts locally 
> to automatically add a user to various groups, if you as sysadmin decide 
> that's what you want to do.

-- 
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |       if you let it" |      available at
512-259-1190          |    (The Roadie)      | http://pubkeys.fmp.com
http://www.fmp.com    |                      |


-- 
[EMAIL PROTECTED] mailing list
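
An added example, not part of the thread above: a shell audit that reads CONSOLE_GROUPS from a login.defs-style file and lists who belongs to a group such as plugdev according to the group file. It goes slightly beyond the message by also counting accounts whose primary GID is that group; the sample files, user names and GIDs are constructed.

```shell
#!/bin/sh
# Added example: report who actually receives device-access groups.

# Groups granted at console login; empty when CONSOLE_GROUPS is commented out.
console_groups() {   # $1 = login.defs-style file
    awk '$1 == "CONSOLE_GROUPS" {
             n = split($2, g, ":")
             for (i = 1; i <= n; i++) if (g[i] != "") print g[i]
         }' "$1"
}

# Members of group $1: names listed in the group file ($2) plus accounts
# whose primary GID in the passwd file ($3) is that group.
group_members() {
    awk -F: -v grp="$1" '
        pass == 1 && $1 == grp {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
        }
        pass == 2 && gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' pass=1 "$2" pass=2 "$3" | sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample files (not taken from any real system).
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/login.defs" <<'EOF'
# Use with caution
#CONSOLE_GROUPS         floppy:audio:cdrom
EOF
sed 's/^#CONSOLE_GROUPS/CONSOLE_GROUPS/' "$SAMPLE/login.defs" > "$SAMPLE/login.defs.enabled"
cat > "$SAMPLE/group" <<'EOF'
audio:x:18:alice
cdrom:x:19:
plugdev:x:104:alice,bob
EOF
cat > "$SAMPLE/passwd" <<'EOF'
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
kiosk:x:1002:104::/home/kiosk:/bin/bash
EOF

echo "console groups (default): $(console_groups "$SAMPLE/login.defs" | tr '\n' ' ')"
echo "console groups (enabled): $(console_groups "$SAMPLE/login.defs.enabled" | tr '\n' ' ')"
echo "plugdev members: $(group_members plugdev "$SAMPLE/group" "$SAMPLE/passwd")"
```

On a real system, pass /etc/login.defs, /etc/group and /etc/passwd instead of the sample paths.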
