On Thu, 27 Oct 2011 16:45:20 +0200 Martti Kühne <mysatyre@gmail.com> wrote:
On Thu, Oct 27, 2011 at 9:49 AM, Mick <bareman@tpg.com.au> wrote:
Following yet another update that has disabled user control of USB sticks, cameras, etc. and blocked user from shutting down from the desktop (in my case xfce4), I am at the end of my tether.
hello
Indeed recent updateds did fuck around with group memberships, I had to add myself again to disk, camera and iirc video groups in /etc/group. I could swear I was a member in those groups before.
There is no way to be forewarned about this stuff, Somebody, probably upstream, made a decision to code this behaviour into the updated package therefore they can and should be documenting it.
but if you could please find out which updates are causing this stuff, we could inform the devs about it in a more precise fashion. If I manage to track it down I will be putting in bug reports.
The other fact is that recent udev changes modified many of the group-based permissions, which you can only solve with manual intervention.
Solving these problems: USB sticks, cameras etc are basically represented as device nodes in /dev, eg. /dev/usb respectively. You can display those device nodes and their owner and group easily enough by printing them with ls -l: martti@deepthought:~$ ls -l /dev/sr0 brw-rw---- 1 root disk 11, 0 Oct 27 05:33 /dev/sr0
so, I have to check if I'm a member in group disk: martti@deepthought:~$ groups disk lp wheel video audio optical camera power vboxusers wireshark martti
Oh, I am a member in that group and may access/mount that device. If I happen not to be, I can add myself to groups like so: # usermod -G <groups,comma,delimited> <user>
Just checked and I can't see any changes to what I set myself. [mick@cave ~]$ groups lp,wheel,log,locate,http,video,audio,optical,storage,scanner,camera,power,users,wireshark oops disk is missing, no, group disk exists and I am a member of it, its just the group command telling fibs. Sometimes this breakage is silently fixed at a subsequent update, otherwise I have stumbled on a fix by accident. mick