[K12OSN] smbldap - adding ldap users to local groups

Rob Owens rowens at bio-chemvalve.com
Thu Oct 25 17:30:36 UTC 2007


Craig White wrote:
> clarification... on Red Hat (Fedora and RHEL clones like CentOS), apache
> software packaging and daemon are referred to as 'httpd' but the
> user/group is still apache
> 
I stand corrected on that one.  But still, there's no guarantee that
each distro will share the same group name for a particular application
or process.

> users ***should*** have access to local devices such as usb drives,
> cdrom and stuff via udev in their own user space and shouldn't need
> anything extra in terms of group memberships.
> 
On my Debian-based systems, users need to be a member of the "cdrom"
group in order to access the cdrom.  On my CentOS system, users need to
be a member of the "disk" group in order to access the cdrom.

If I have 1000 users (I don't, but for the sake of argument...) and
wanted to give them access to the cdrom, I'd have to add 1000 LDAP users
to the local group on each machine that has a cdrom drive (and update
each local group every time I add a new LDAP user who needs cdrom
access).  I'd prefer to authorize cdrom usage through use of an LDAP
group, but I can't seem to figure out how to do it.

Of course I could simply change the permissions of /dev/cdrom so that
everybody has access, but that seems like a cop-out and it takes away my
ability to limit cdrom usage.

-Rob



