ubuntu-xxx dependencies & group assignment for sound & co

[Paul Roeland]

Adrian Gschwend wrote:

> 
> - We authenticate our users via an LDAP & Kerberos Server. Every student
> is in the LDAP directory. We also have groups in the LDAP but they are
> mostly used for permissions on the home directory (which is an NFS share).
> Now the questions is how can we make sure that students can mount cdroms
> and play sound without being in the required groups? It wouldn't be very
> comfortable to us to add each student to each of those groups. Again, I am
> looking for a solution that doesn't break Ubuntu or change the next time I
> do an update of it.
> 

same problem here. We haven't found an "ideal" solution, but this works, 
although it's slightly ugly:

- set your permission groups to LDAP groups in /etc/udev/rules.d/udev.rules
(we have one group in our LDAP where everybody is a member, that makes 
it easy). So instead of "cdrom", "floppy" use your groupnames "students" 
or "everybody" or whatever.

- if you want to allow all users to use USB-sticks, also change 
"plugdev", but you'll need to reset permissions on /usr/bin/pmount also

- restart udev using local init scripts on the clients; somewhere after 
network and nssswitch have kicked in and the system is actually aware of 
your LDAP. Just before gdm starts is a good point.


again, it's ugly. We haven't had any adverse effects from restarting 
udev, but your mileage might vary...


Paul Roeland