Hi, Thanks for your interest.
On Mon, Sep 03, 2007 at 11:32:05PM -0500, Karl O. Pinc wrote: > Package: debian-reference-en > Version: CVS HEAD > Severity: wishlist > Tags: patch > > There's a regular problem on irc with newbies who've not > got permission to access various hardware devices. The > reference manual should get this out of the way early, > and explain groups and that it's the job of the root > user to grant permission to various hardware devices etc. > > This has bearing on bug #403755. > > Apply patch with: cd qref/en ; patch -p1 < group.patch > > Note that I used the long option names. I don't know > if that's in line with the manual's regular style. > > -- System Information: > Debian Release: 4.0 > APT prefers stable > APT policy: (500, 'stable') > Architecture: i386 (i686) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.18-5-686 > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > diff -ruN en.old/tune.sgml en/tune.sgml > --- en.old/tune.sgml 2007-01-18 16:31:58.000000000 -0600 > +++ en/tune.sgml 2007-09-03 21:51:12.000000000 -0500 > @@ -208,7 +208,7 @@ > auth sufficient pam_wheel.so trust group=adm > </example> > > -<sect1>Purposes of standard groups > +<sect1 id="standard-groups">Purposes of standard groups Yah, "standard group" is good to mention. But if this is for devices, floppy etc may serve better as example. > <p> > A few interesting groups: > <list compact> > diff -ruN en.old/tutorial.sgml en/tutorial.sgml > --- en.old/tutorial.sgml 2006-01-22 02:33:11.000000000 -0600 > +++ en/tutorial.sgml 2007-09-03 23:27:33.000000000 -0500 > @@ -66,6 +66,7 @@ > <item>set file ownership and permission of any files on the system > <item>set the password of any non-privileged users on the system > <item>login to any accounts without their passwords > +<item>allow ordinary accounts to access hardware devices: audio speakers, > floppy drives, cd drives, scanners, etc. > </list> > <p> > It is extremely bad idea to share the access to the root account by > @@ -124,16 +125,33 @@ > ... answer all the questions > </example> > will create it. > -<footnote> > -You may want to add this user <tt><var>penguin</var></tt> to the > -<tt>adm</tt> group to enable read access to the many logfiles in > -<file>/var/log/</file>. See <manref name="passwd" section="5">, <manref > -name="group" section="5">, <manref name="shadow" section="5">, <manref > -name="group" section="5">, <manref name="vipw" section="8">, and <manref > -name="vigr" section="8">. For the official meanings of users and > + > +<sect1 id="granting-access">Granting access to privileged hardware and data > +<p> > +You may (or may not) want to grant the <tt><var>penguin</var></tt> user > +read access to the many logfiles in > +the <file>/var/log/</file> directory, or may (or may not) want to enable > +write access to attached speakers so that the user can listen to music. > +<p> > +To ease administration and allow many people to share the same set of > +access rights, the necessary permissions have already been granted to > +what are known as <strong>groups</strong>. The <tt>adm</tt> group is allowed > +read access to various administrative files, and the <tt>audio</tt> > +group is allowed write access to the various hardware components which > +drive the speakers. All that remains is to put the > <tt><var>penguin</var></tt> > +user into both groups. I see. > +<example> > +root@<var>foo</var>:root# usermod --append --groups adm,audio penguin > +</example> > +<p> > +See <ref id="standard-groups">, or for the official meanings of users and > groups, see a recent version of the <url id="&f-users-and-groups;" > name="Users and Groups"> document. > -</footnote> > +See also <manref name="passwd" section="5">, <manref > +name="group" section="5">, <manref name="shadow" section="5">, <manref > +name="group" section="5">, <manref name="vipw" section="8">, and <manref > +name="vigr" section="8">. > +<p> > Before going further, let's learn few things first. > > <sect1 id="sw-console">Switch between virtual console -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
