On Tuesday 19 January 2016 07:54:30 Cindy-Sue Causey wrote:
> On 1/19/16, Chris Bannister <cbannis...@slingshot.co.nz> wrote:
> > On Sun, Jan 17, 2016 at 05:19:34PM -0500, Gene Heskett wrote:
> >> I hadn't thought of that. My bad. OTOH, although no one has come
> >> thru the router except to view my web page, do I really want to do
> >> that in the event they do get thru? That could make their raising
> >> a little hell just that much easier.
> >
> > Only root can add a user to the admin group.
>
> I couldn't find the words to bring together to answer him yesterday,
> but I know what he's saying. In self-teaching myself how to
> debootstrap where you set up EVERYTHING yourself, I had to read up a
> little on adding groups. One warning floating around out there is that
> we should add ourselves to the absolute barest minimum of groups
> possible.
>
> The reason? Every group that we add ourselves to, yes, conveniently
> expands our privileges, but then, yes, woefully expands the access
> privileges of anyone who might hack into our systems.
>
> The alternative is battling what isn't working that is the reason
> we're considering upping the number of groups for which our user(s)
> is/are a member. The payoff is easier Debian'ing for the the folks who
> come behind us....
>
> Is it sound or audio I've just seen bantered around a little? I'm not
> member of that group, but I still get sound. My user is member of a
> very limited number of groups. I just ran the command "groups" and
> received back dialout, sudo, netdev, and its own ("elf").
>
> Debian Wiki has a SystemGroups page with a few group descriptions:
>
> https://wiki.debian.org/SystemGroups
>
> Audio's description is: " This group can be used locally to give a set
> of users access to an audio device (the soundcard or a microphone)."
>
> Oh, man, you all may have just solved one of MY long term issues...
> not being able to record via microphone. *smacking head and laughing
> (out loud) *
>
> PS The netdev one, had completely forgot about it. This thread gets a
> second k/t for incidentally possibly solving something elsewhere
> there, too. If any of you all are part of the most recent threads
> going on about networking failures, would you please consider asking
> the original posters on those if their affected user is member of
> netdev? Users like us being a member of netdev became almost a
> necessity in recent times. Thank you! :)
>
> Cindy :)
Cindy is correct, I was amazed at how many I have made myself a member
of, just so I could use the hardware and interfaces this machine
posesses. My attitude of course since I am the first and only human
user of this machine, is that I bought and built it for ME to use.
When the udev people decides I can't be trusted to use my floppy or
cdrom, which is in fact a dvd writer, or reconfigure my network so it
works because network-mangler can't, what other choice do I have but to
make myself a member of that group? Sure i can sudo and go fix it, but
even fixed I can't use it.
It is after all, MY machine, and I built it to USE it, not fight with
Greg and his ideas about security. The last fix I had to do? Undo
something that was changed in the last year, was to put, in rc.local a
perms change to allow access to /dev/ttyUSB0, that was discovered at
midnight 1/1/16 when heyu's crontab tried to upload the next years
timeing settings to my CM11a that runs all my X10 stuffs here. The odd
part of that was that I could still "heyu turn a14 off" without any
access errors a couple days earlier. Strangely, nut has had no similar
problems accessing "myups" over /dev/ttyUSB1.
What is even more maddening is that the latest version of lsof is now no
longer able to display that open and active path to /dev/ttyUSB0 until
several minutes after the daemon heyu_relay had been started. Now it
shows up, but 10 seconds after I issued a command to heyu, it wasn't
there. Now it is. Me, goes off shaking head, it doesn't grok. Even
running lsof as root didn't show it.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
