[SlugBug] NIS / Group ID / Hardware Access issue

James Wallbank james at lowtech.org
Wed Apr 18 12:46:00 BST 2007


Hello All,

Here at Access Space we run an NIS server to distribute usernames and 
passwords across our network clients.

The network clients are predominantly Mandriva 2006, but we're looking 
to migrate to a newer distro, possibly Ubuntu 6.06 LTS, perhaps Mandriva 
2007, maybe even a Debian-based distro like Xandros Open Circulation 4.

Anyway, the upshot is that we have a problem with hardware devices - 
these newer distros allow hardware auto-mounting and unmounting via 
groups "floppy", "cdrom", "usb" and so on, which have GIDs around 20-25.

The different distros don't necessarily synchronise the same GID numbers 
- on some cdrom may be GID 24, on others that same group may be GID 25.

Now users with distributed UIDs aren't members of these groups, and 
typically NIS discourages you from distributing GIDs less than 100 - 
presumably to accommodate different client distros.

I can see several approaches to solving this issue, but I'm not sure 
where to start...

1) Could we doctor the clients' /etc/passwd and /etc/group in such a way 
as to automatically make any UID greater than 5000 (all our distributed 
UIDs start at 5000) part of local hardware groups?

2) Could we achieve this same end more elegantly by engineering 
/etc/sudoers?

3) Should we delete local hardware groups from clients, and distribute 
those same group names by NIS (with higher GIDs, and all NIS users 
members of those groups)? I can see that this might work, but it could 
make clients inconvenient to use with a local username.

4) Would /etc/fstab help us to allow all users to mount and unmount 
hardware devices? Or was this the "old way" to achieve this, before 
hardware abstraction layers?

5) Is there a HAL configuration that could be our answer?

I can see that this is a "standard issue" for newer *nix networks - but 
many big distros nowadays start with the assumption that their 
user-friendly distro is going to be used as a standalone network client.

Any thoughts on the first place to try? Maybe there's another approach I 
haven't considered.

Best Regards,

James
=====
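
The GID mismatch described in the post can be measured before choosing between the approaches listed. The script below is an added example, not part of the original post: it compares /etc/group contents from several clients and reports hardware groups whose GID differs, plus numeric GIDs that name different groups on different clients. The client names and group file contents are constructed samples.

```python
# Added example: audit hardware-group GIDs across client /etc/group files.
# Client names and group file contents are constructed samples, not real data.

HARDWARE_GROUPS = ("floppy", "cdrom", "usb")  # group names taken from the post

SAMPLE_CLIENTS = {
    "client-a": "root:x:0:\nfloppy:x:19:\ncdrom:x:24:\nusb:x:25:\n",
    "client-b": "root:x:0:\nfloppy:x:19:\ncdrom:x:25:\nusb:x:24:\n# comment\n",
}


def parse_group(text):
    """Parse /etc/group text into {name: gid}; skip blanks, comments, NIS +/- lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry, ignore
        groups[fields[0]] = int(fields[2])
    return groups


def name_drift(clients, names=HARDWARE_GROUPS):
    """Return {group: {client: gid or None}} for groups whose GID is not uniform."""
    parsed = {c: parse_group(t) for c, t in clients.items()}
    drift = {}
    for name in names:
        gids = {c: g.get(name) for c, g in parsed.items()}
        if len(set(gids.values())) > 1:
            drift[name] = gids
    return drift


def gid_aliases(clients):
    """Return {gid: sorted names} for GIDs that map to different names across clients."""
    seen = {}
    for text in clients.values():
        for name, gid in parse_group(text).items():
            seen.setdefault(gid, set()).add(name)
    return {gid: sorted(n) for gid, n in seen.items() if len(n) > 1}


if __name__ == "__main__":
    for name, gids in name_drift(SAMPLE_CLIENTS).items():
        print(f"{name}: GID differs across clients: {gids}")
    for gid, names in gid_aliases(SAMPLE_CLIENTS).items():
        print(f"GID {gid} is {' / '.join(names)} depending on client")
```

Any GID reported by gid_aliases is one where granting membership by number would give access to a different device class on some clients, so group names rather than numbers need to be the unit of distribution.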

