[K12OSN] smbldap - adding ldap users to local groups

[Rob Owens]

On Tue, Oct 30, 2007 at 09:56:37AM -0700, Craig White wrote:
> On Tue, 2007-10-30 at 12:30 -0400, Rob Owens wrote:
> > I decided to try changing all of my local devices to have ldap-group memberships.  For instance, I ran this command:
> > 
> > find /dev -group audio -exec chgrp ldapaudio {} \;
> > 
> > This finds every file in /dev with "audio" group membership and changes it to "ldapaudio" group membership.  This works and my ldap user who is a member of the "ldapaudio" group but not the local "audio" group has access to sound devices.  The problem is that on reboot, many of these /dev files get set back to "audio" group membership.  Does anybody know how to stop this?  I'm working on a Debian machine right now, but I'm interested in doing this on Debian, Ubuntu, and CentOS.
> > 
> ----
> when all you have is a hammer, everything looks like a nail.
> 
> You really need to read up on udev because that is about using devices
> in user space.
> 
> this is about the best write up on udev I have seen...
> http://www.reactivated.net/writing_udev_rules.html
> 
> The entire point is to establish a set of rules that dynamically sets
> permissions for removable devices in user space so that root permissions
> and various entries into fstab are not required.
> 
> You should discover that udev has rules & permissions that are set
> within the files in /etc/udev/rules.d, parsed in order and the devices
> and permissions attached to those devices are created dynamically
> according to those rules.
> 
Thanks.  I did find /etc/udev/rules.d/020_permissions.rules, and that looked promising.  Unfortunately, changing the "audio" groups in that file to "ldapaudio" did not do what I was hoping it would do.  Time to read the link you sent me.

-Rob