Results 1 to 10 of 10

Thread: user & group administration-dialout, video, users

  1. #1

    Default user & group administration-dialout, video, users

    Hi,

    I'm curious what others would recommend as to other safe additional groups to belong to here.

    The group, default users, belongs to dialout, video, and if one clicks on "edit" "details" one can see "video" and "dialout" ticked. (hmmm, though "users" is not ticked here.)

    I plan to listen to audio cd's and watch video DVD's. In other lnx distributions I have used, often wheel, cdrom, audio, and users is ticked for additional groups, and sometimes disks as well, though I read at one bug report that one said it wasn't a good idea to add disk.

    My setup is openSUSE 11.1 for 64-bit processor. I have installed (well, actually re-installed) with user with own password not given administrative privileges and a separate root password.

    I looked over some posts on the subject, but they are vague additional groups

    Orba (oh, forgot to add, it is KDE4 desktop environment)

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,732

    Default Re: user & group administration-dialout, video, users

    It is certainly not a good idea to add disk. We just had a user overwriting his file system with a file. This was done either by him being root, or by his normal user that was added to the disk group.

    I never changed something in this respect and can listen/look (but I have no need to dial-out). This is 10.3, but this principle should work on 11.x also imho.
    Henk van Velden

  3. #3

    Default Re: user & group administration-dialout, video, users

    Hi Henk,

    I wondered why it wasn't a good idea to have disk added to additional groups for users. That certainly answers my question!

    I forgot to mention that I use an external 56k modem, so I do need dialout ticked.

    Thanks again for your feedback! I appreciate it.
    Orba
    Last edited by orba; 25-Mar-2009 at 13:55. Reason: corrected spelling

  4. #4
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,433

    Default Re: user & group administration-dialout, video, users

    Sorry, but I don't understand the problem with adding users to the disk group; the DVD/CD drives belong to the disk group and therefore users can only use the DVD/CD if they are also part of the disk group.

    I added all my users to the disk group immediately after installing and everything has been fine.

  5. #5
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,587
    Blog Entries
    14

    Default Re: user & group administration-dialout, video, users

    Right john_hudson. If you're not a member of 'disk' you cannot burn CD's or DVD's. k3BSetup even sets the perms of /dev/sr0 to 664 .....

    But indeed, the risk is that a normal user could do less funny things.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  6. #6
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,732

    Default Re: user & group administration-dialout, video, users

    I am still on 10.3. My normal uid is NOT a mentioned in the disk group. I can burn with k3b.

    I also understood that there is a bug somewhere in 11.1 (11.0?). Searching in the forum must help here. The opinion of some people (including me) is that breaking down security to by-pass the bug is not very clever. Specialy as you do not write with big letters on the wall: Change this back as soon as the bug is patched! Most people will be just happy that it "works again" without even understanding the consequences. At least one of them now does understand.

    And as orba shows, there are already posts around that simply say: add your username to the diskgroup.
    Henk van Velden

  7. #7

    Default Re: user & group administration-dialout, video, users

    Yes, there are a few threads, and even a blog or two about adding "disk" to additional groups. One example where it is mentioned about a variation of the bug fix (in the patch as of January) is here: cannot_mount_cdrom
    My bug problem with 11.1 kde4 for 64 bit is that no audio cd is recognized by Dolphin. although I can play it with Kaffeine and KsCD. I've read replies to suggest adding disk and cdrom to additonal groups, but it didn't fix the problem. I think it is a udev glitch and am waiting for this fix to appear as a patch. At least I can play the cd's. (Edited to add, that it isn't a permission problem as the same thing happens if I log in as root and insert an audio cd.)

    What I really need to do is find a good basic write up on this part of the LINUX system, users groups management is a mystery to me, but I will do some searching on the subject. I'm still tempted to tick "users" under, additional groups, or at least I would think that would be ticked as the "default group for new users" is "users", but it isn't ticked under the additional groups section as well. Just a bit confused about that one.

    Thanks for the feedback!
    Orba

  8. #8
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: user & group administration-dialout, video, users

    If an account's primary group is already "users", adding "users" to the supplementary groups won't make any difference. So new (human) users do not need to get a supplementary group of "users" they are already in "users" as their primary group. The effective set of groups for an account is the union of the primary and the supplementary groups.

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,732

    Default Re: user & group administration-dialout, video, users

    Not much to add to ken_yap.

    The primary user is found in the users entry in /etc/passwd. That is the one tied to your processes when you log in. So when you create files they will get that group.

    The user can also change the group its processes run with, with the newgrp command. But IMHO there is not much usage for it.

    When curious look for terms like "real and effective group ID".
    Henk van Velden

  10. #10

    Default Re: user & group administration-dialout, video, users

    Thanks Ken and Henk. That had me curious and wondering if it was a mess up in the User management GUI.

    And thanks for the keywords to do a search for. This is of much help and appreciated!
    This post can be marked solved if needs be.

    Orba

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •