group access to local devices on shared networked machines

Scott James Remnant scott at
Fri May 8 16:16:37 UTC 2009

On Fri, 2009-05-08 at 10:28 -0500, Patrick Goetz wrote:

> Would anyone care to elaborate on this, as we brought this up with
> Canonical support well over a year ago for Hardy and no good solution
> was offered at that time (so we came up with our own).
> The problem:  how to provide access to, say, local optical drives to
> incidental ldap users who aren't automatically in the device groups
> since they're not local users.
> Our solution was to use pam.  By adding these lines to the
> /etc/security/group.conf file:
>    *;:0|tty*&!ttyp*;*;Al0000-2400;dialout,dip,audio,video
>    *;*;*;Al0000-2400;cdrom,floppy,scanner,plugdev,storage,vboxusers,fuse
> console users are added, for example, to the audio/video groups while
> anyone who logs in from anywhere is added to the cdrom/scanner groups
> (this allows users to use the scanners and optical devices remotely).
> I'm most curious to know if there is now a better way of providing this
> functionality to network users.
Provided they are on the same physical console as the local optical
drive, this is done automatically.

Scott James Remnant
scott at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the Ubuntu-devel-discuss mailing list