Automatic Audio and USB access for local users
To enable single-sign-on with an existing windows network, I’ve been using winbind and kerberos to login users.
Unfortunately, winbind doesn’t have functionality to automatically add users to certain groups, e.g. audio, video, plugdev.
But I want to allow local users to access audio and USB drives on these machines.
I just found an easy way to do that:
- Add
auth optional pam_group.so
to your/etc/pam.d/gdm
file - Add
*; :0 ;*;Al0000-2400;audio, video, plugdev
to your/etc/security/group.conf
file
This will give the first user logged in via the GDM login screen access to
both USB sticks and audio playback. Using :*
this should apply to
all local users; a similar line with tty*
should work for local
ttys.
Note that this applies to any local user, not only to winbind users.
Other groups you might want to add: cdrom, scanner, dip, netdev