group access to local devices on shared networked machines
Scott James Remnant
scott at canonical.com
Fri May 8 16:45:46 UTC 2009
On Fri, 2009-05-08 at 11:36 -0500, Patrick Goetz wrote:
> Scott James Remnant wrote:
> > Provided they are on the same physical console as the local optical
> > drive, this is done automatically.
> >
>
> Well, we need to retain the option of people ssh'ing to the machine and
> using the optical drive remotely; however even for users logged in on
> the console, this most definitely was NOT working in Hardy -- we found
> out the hard way when users starting showing up complaining that they
> were getting "permission denied" when trying to access the optical
> drive. Note that our users are network users authenticated using LDAP,
> not local users.
>
It should not matter how your users are authenticated, provided that you
are using an LDAP Name Service Switch - they will appear equivalent to
local users.
This should have worked in Hardy:
With one of the users logged in, could you run "ck-list-sessions" ?
Likewise, with a user logged in via ssh, could you run
"ck-list-sessions" ?
Users logged in by gdm will be registered in ConsoleKit as local users
(is-local = TRUE); users logged in by ssh will be registered in
ConsoleKit as non-local users.
> Is this a change for Jaunty? If so, this basically my question: how is
> it being done? If there is now a canonical way (pun intended) for
> network users to get permission to use local devices, then we can drop
> our /etc/security/groups.conf work around.
>
System -> Administration -> Authorisations
Scroll down to the /org/freedesktop/hal/device-access/Directly access
optical drives authorisation, and select it.
In the right-hand pane, you can adjust the parameters - and for example,
grant additional explicit authorisations
Scott
--
Scott James Remnant
scott at canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20090508/91512cff/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list