The “rise” of udev, hal, dbus, networkmanager, powermanager applet and such has caused an increase of groups on the typical debian system.

Groups provide a reliable way of granting access rights, so this is a good thing. The drawbacks are that you need to add users to these new groups and users need to logout and login again to get these new group rights.

Groups you might want to assign to typical desktop users include: audio, video, plugdev, netdev, powerdev, dip, scanner, cdrom, floppy

You can assign these groups using the gnome user manager, or by the following shell script as root:

for user in USERNAME1 USERNAME2; do \
for group in audio video plugdev netdev powerdev \
dip scanner cdtom floppy; do adduser $user $group; done; done

We’re lacking a way to handle such changes on upgrade, though. This definitely is something we should handle with etch, that on upgrade the user is offered an easy way to update his group permissions.

Anyone knows how to put winbind-users into unix groups? I have some machines where user accounts are actually loaded from ActiveDesaster, authenticated using kerberos. Winbind works fine for the single-host username to uid mapping, but it doesn’t give me an option to assign e.g. the plugdev group to all users. Which I really need.