[wplug] pam_group.so (was samba "machines" group)

Dane Miller dane at olneyfriends.org
Wed Jun 29 22:32:32 EDT 2005


On Wed, 2005-06-29 at 17:04 -0400, Chester R. Hosey wrote:
> Or better yet, it sounds like your concern isn't so much adding users to
> groups permanently but allowing them access to resources local to the
> device they're using.
> 
> Edit /etc/pam.d/login, enabling the pam_group.so module (there
> should be a commented entry by default), and
> edit /etc/security/group.conf to add anyone logging in on tty* to the
> proper group at login time. This makes users members of given groups
> based on the terminal from which they're logging in, and doesn't depend
> on GID at all, only group name. This is probably closest to what you're
> trying to accomplish, and is easier than remapping IDs on either system.

This is a great tip :)  After some fussing with group.conf, I have this
up and running.  In my case I'm using pam_group.so in /etc/pam.d/gdm in
addition to /etc/pam.d/login... that stumped me for several minutes
while I banged on Gnome to let me hear sound.  

My /etc/security/group.conf line (with initial comment) is:
# services;ttys;users;times;groups
   *;*;*;Al0000-2400;floppy, cdrom, audio, video, dialout, dip, plugdev, scanner

I'm not sure about the security implications of all those *'s.  But I'm
really happy not having to fight with NIS and system GIDs.

Thanks for the help,
Dane
-- 
Dane Miller
Technology Coordinator
Olney Friends School
Barnesville, Ohio
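
An added example, not part of the original post: a small Python audit of group.conf entries that reports which fields of each rule are unrestricted, which is the question raised above about "all those *'s". The sample input is constructed from the entry in the post plus a hypothetical narrower line; the `:0` tty for gdm and the shortened group list are assumptions.

```python
import re

FIELDS = ("services", "ttys", "users", "times", "groups")

# Constructed sample: the entry from the post, then a narrower variant.
# Assumption: gdm reports the X display (e.g. ":0") as its PAM tty.
SAMPLE = """\
# services;ttys;users;times;groups
   *;*;*;Al0000-2400;floppy, cdrom, audio, video, dialout, dip, plugdev, scanner
login|gdm;tty*|:0;*;Al0000-2400;floppy, cdrom, audio
"""

def parse_group_conf(text):
    """Yield (line_no, rule) per entry; raise ValueError on a bad field count."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = [p.strip() for p in line.split(";")]
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {no}: expected 5 fields, got {len(parts)}")
        rule = dict(zip(FIELDS, parts))
        rule["groups"] = [g for g in re.split(r"[,\s]+", rule["groups"]) if g]
        yield no, rule

def audit(text):
    """Map line_no -> fields that match everything (bare '*' or all-week time)."""
    findings = {}
    for no, rule in parse_group_conf(text):
        broad = [f for f in ("services", "ttys", "users") if rule[f] == "*"]
        if rule["times"] == "Al0000-2400":    # every day, all 24 hours
            broad.append("times")
        if broad:
            findings[no] = broad
    return findings

if __name__ == "__main__":
    for no, broad in audit(SAMPLE).items():
        print(f"line {no}: unrestricted {', '.join(broad)}")
```

A rule only takes effect for services whose /etc/pam.d file loads pam_group.so, so the services and ttys fields are where an entry like this can be narrowed to local logins.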