> Date: Tue, 05 May 2009 11:17:04 +0100 > From: Scott James Remnant <[email protected]> > Subject: Re: Usev permissions and USB scanners
> On Sun, 2009-05-03 at 16:16 +0300, [email protected] wrote: > > I created a usbdev group and added my user to that group, added a > > group setting to that line instead of the recommended mode change, > > and my scanner works, > We prefer not to use groups in this way. > Instead we use ACLs on devices such as scanners so that logged in > console users can directly access the device without needing to be in > any special group. > Further access can be granted through the "Authorizations" tool. Hi - Would anyone care to elaborate on this, as we brought this up with Canonical support well over a year ago for Hardy and no good solution was offered at that time (so we came up with our own). The problem: how to provide access to, say, local optical drives to incidental ldap users who aren't automatically in the device groups since they're not local users. Our solution was to use pam. By adding these lines to the /etc/security/group.conf file: *;:0|tty*&!ttyp*;*;Al0000-2400;dialout,dip,audio,video *;*;*;Al0000-2400;cdrom,floppy,scanner,plugdev,storage,vboxusers,fuse console users are added, for example, to the audio/video groups while anyone who logs in from anywhere is added to the cdrom/scanner groups (this allows users to use the scanners and optical devices remotely). I'm most curious to know if there is now a better way of providing this functionality to network users. -- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
