ubuntu-xxx dependencies & group assignment for sound & co
Paul Roeland
paul.roeland at milieudefensie.nl
Thu Mar 31 07:46:47 CST 2005
Adrian Gschwend wrote:
>
> - We authenticate our users via an LDAP & Kerberos Server. Every student
> is in the LDAP directory. We also have groups in the LDAP but they are
> mostly used for permissions on the home directory (which is an NFS share).
> Now the questions is how can we make sure that students can mount cdroms
> and play sound without being in the required groups? It wouldn't be very
> comfortable to us to add each student to each of those groups. Again, I am
> looking for a solution that doesn't break Ubuntu or change the next time I
> do an update of it.
>
same problem here. We haven't found an "ideal" solution, but this works,
although it's slightly ugly:
- set your permission groups to LDAP groups in /etc/udev/rules.d/udev.rules
(we have one group in our LDAP where everybody is a member, that makes
it easy). So instead of "cdrom", "floppy" use your groupnames "students"
or "everybody" or whatever.
- if you want to allow all users to use USB-sticks, also change
"plugdev", but you'll need to reset permissions on /usr/bin/pmount also
- restart udev using local init scripts on the clients; somewhere after
network and nssswitch have kicked in and the system is actually aware of
your LDAP. Just before gdm starts is a good point.
again, it's ugly. We haven't had any adverse effects from restarting
udev, but your mileage might vary...
Paul Roeland
More information about the ubuntu-devel
mailing list