Hi folks, If there's a more appropriate place to ask this, please let me know.
I manage a large number of workstations which run Debian. Everyone in my organization need to be able to access any of these workstations, and they expect basic services (like sound, for example) to work properly. Red Hat has a nice PAM library that lets people access, say, the sound devices when they log in on the console. Thus anyone who logs in automatically has access to the sound devices. However, this facility appears to be lacking in Sarge. Note: it is not possible for me to add everyone to the audio group. The workstations get all authentication and group memberships from corporate resources which I do not control. And, even if it were possible, it would be a very bad solution given the large number of machines and large number of users; it would be a maintenance nightmare. Conveniently, everyone who needs to access these machines is in a common group. So, barring trying to compile pam_console for debian and making a custom debian package of it, which I don't want to get involved with, the obvious solution, by far the cleanest and most appropriate solution, is to change the group ownership of the necessary devices to that group. Sounds simple, doesn't it? Except that Debian seems to have some mechanism which, at boot time, resets the group ownership of /dev files. Worse yet, there seems to be more than one of them... I found /etc/init.d/makdev AND REMOVED IT, but despite that, the /dev file ownerships are still getting reset at boot time. Thus, whenever the systems are rebooted, users can't use sound. It's understandably annoying to them, which makes it rather annoying to me. ;-) Anyone know how I can make this stop? Or alternately, know a different way to solve this which I have not already discussed? FWIW, as a long-time system administrator of Unix systems in a wide variety of environments, I consider this behavior highly undesireable, and would like to suggest to any developers listening that they consider changing that behavior. It combined with the lack of pam_console or something like it, this behavior makes managing user access to devices quite difficult. If you're managing your own box, it's a simple matter to add yourself to the audio group; but in many different computing environments, that's just not a feasible option. Thanks. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgpHJvM6ybrbx.pgp
Description: PGP signature
