[SlugBug] NIS / Group ID / Hardware Access issue
James Wallbank
james at lowtech.org
Wed Apr 18 12:46:00 BST 2007
Hello All,

Here at Access Space we run an NIS server to distribute usernames and
passwords across our network clients.

The network clients are predominantly Mandriva 2006, but we're looking
to migrate to a newer distro, possibly Ubuntu 6.06 LTS, perhaps Mandriva
2007, maybe even a Debian-based distro like Xandros Open Circulation 4.

Anyway, the upshot is that we have a problem with hardware devices -
these newer distros allow hardware auto-mounting and unmounting via
groups "floppy", "cdrom", "usb" and so on, which have GIDs around 20-25.
The different distros don't necessarily synchronise the same GID numbers
- on some cdrom may be GID 24, on others that same group may be GID 25.

Now users with distributed UIDs aren't members of these groups, and
typically NIS discourages you from distributing GIDs less than 100 -
presumably to accommodate different client distros.

I can see several approaches to solving this issue, but I'm not sure
where to start...

1) Could we doctor the clients' /etc/passwd and /etc/group in such a way
as to automatically make any UID greater than 5000 (all our distributed
UIDs start at 5000) part of local hardware groups?

2) Could we achieve this same end more elegantly by engineering
/etc/sudoers?

3) Should we delete local hardware groups from clients, and distribute
those same group names by NIS (with higher GIDs, and all NIS users
members of those groups). I can see that this might work, but it could
make clients inconvenient to use with a local username.

4) Would /etc/fstab help us to allow all users to mount and unmount
hardware devices? Or was this the "old way" to achieve this, before
hardware abstraction layers?

5) Is there a HAL configuration that could be our answer?

I can see that this is a "standard issue" for newer *nix networks - but
many big distros nowadays start with the assumption that their
user-friendly distro is going to be used as a standalone network client.

Any thoughts on the first place to try? Maybe there's another approach I
haven't considered.

Best Regards,
James
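
The GID mismatch described in the message can be audited before any hardware groups are distributed by number. The following is an added example, not part of the original message: it parses /etc/group text from two clients and reports hardware groups whose GID differs, plus numeric GIDs that mean a different group on each client. The client names and the sample group files are constructed assumptions.

```python
# Added example: the two group files below are constructed sample data.
HARDWARE_GROUPS = ("floppy", "cdrom", "usb")

CLIENT_A = "root:x:0:\nfloppy:x:19:\ncdrom:x:24:\nusb:x:25:\nusers:x:100:\n+:::\n"
CLIENT_B = "root:x:0:\nfloppy:x:19:\ncdrom:x:25:\nusb:x:26:\nusers:x:100:\n+:::\n"

def parse_group(text):
    """Parse /etc/group-format text into {name: gid}, skipping unusable lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries such as "+:::".
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        groups[fields[0]] = int(fields[2])
    return groups

def name_conflicts(clients, names=HARDWARE_GROUPS):
    """Group names whose GID differs between clients: {name: {client: gid}}."""
    out = {}
    for name in names:
        gids = {c: g[name] for c, g in clients.items() if name in g}
        if len(set(gids.values())) > 1:
            out[name] = gids
    return out

def gid_collisions(clients, names=HARDWARE_GROUPS):
    """Numeric GIDs that map to different hardware groups on different clients.

    These are the risky ones: membership handed out by number would grant
    access to a different device class depending on the client.
    """
    by_gid = {}
    for client, groups in clients.items():
        for name in names:
            if name in groups:
                by_gid.setdefault(groups[name], {})[client] = name
    return {gid: m for gid, m in by_gid.items() if len(set(m.values())) > 1}

if __name__ == "__main__":
    clients = {"client_a": parse_group(CLIENT_A), "client_b": parse_group(CLIENT_B)}
    for name, gids in name_conflicts(clients).items():
        print(f"group {name!r} has differing GIDs: {gids}")
    for gid, names in gid_collisions(clients).items():
        print(f"GID {gid} means different groups: {names}")
```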