[K12OSN] smbldap - adding ldap users to local groups
Rob Owens
rowens at ptd.net
Tue Oct 30 18:36:38 UTC 2007
On Tue, Oct 30, 2007 at 09:56:37AM -0700, Craig White wrote:
> On Tue, 2007-10-30 at 12:30 -0400, Rob Owens wrote:
> > I decided to try changing all of my local devices to have ldap-group memberships. For instance, I ran this command:
> >
> > find /dev -group audio -exec chgrp ldapaudio {} \;
> >
> > This finds every file in /dev with "audio" group membership and changes it to "ldapaudio" group membership. This works and my ldap user who is a member of the "ldapaudio" group but not the local "audio" group has access to sound devices. The problem is that on reboot, many of these /dev files get set back to "audio" group membership. Does anybody know how to stop this? I'm working on a Debian machine right now, but I'm interested in doing this on Debian, Ubuntu, and CentOS.
> >
> ----
> when all you have is a hammer, everything looks like a nail.
>
> You really need to read up on udev because that is about using devices
> in user space.
>
> this is about the best write up on udev I have seen...
> http://www.reactivated.net/writing_udev_rules.html
>
> The entire point is to establish a set of rules that dynamically sets
> permissions for removable devices in user space so that root permissions
> and various entries into fstab are not required.
>
> You should discover that udev has rules & permissions that are set
> within the files in /etc/udev/rules.d, parsed in order and the devices
> and permissions attached to those devices are created dynamically
> according to those rules.
>
Thanks. I did find /etc/udev/rules.d/020_permissions.rules, and that looked promising. Unfortunately, changing the "audio" groups in that file to "ldapaudio" did not do what I was hoping it would do. Time to read the link you sent me.
-Rob
More information about the K12OSN
mailing list