LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 06-12-2011, 07:09 AM   #1
Cultist
Member
 
Registered: Feb 2010
Location: Georgia
Distribution: Slackware64 14.2
Posts: 779

Rep: Reputation: 107
What usergroups should a given user be added to?


So I just recently installed fresh 13.37 over my 13.1 install. Went multilib, and added myself to the usergroups I thought I might need. But truth is, I don't know what half of these are and I just picked the ones that sounded right.

I'm the only user on this computer, although I might possibly maybe add another someone if I have to for some reason.

For my user account, I added myself to:
Code:
bin
disk
mem
kmem
wheel
floppy
mail
news
uucp
man
dialout
audio
video
cdrom
games
mysql
sshd
gdm
shadow
ftp
messagebus
haldaemon
plugdev
power
netdev
scanner
users
console
kismet
vboxusers
Basically, I want my own account to be able to do everything I normally do without too much restriction (use the disc drive, mount hard drives, browse the web, read/send email via Thunderbird, download stuff, etc.), but leaving the important stuff to root so that if someone else happens to use the computer under my account, they can't do any damage. Did I select the right groups for this? Should I add or remove any?

And what groups should a user have if I just want them able to browse the web, download files, use their /home, run non-root apps, and nothing else?

Thanks!
 
Old 06-12-2011, 07:11 AM   #2
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4886
I am a member of these groups and totally fine with it:
Code:
users wheel floppy audio video cdrom plugdev power netdev vboxusers

Last edited by TobiSGD; 06-12-2011 at 01:14 PM. Reason: fixed code-tags
 
1 members found this post helpful.
Old 06-12-2011, 07:15 AM   #3
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: McKinney, Texas
Distribution: Slackware64 15.0
Posts: 3,858

Rep: Reputation: 2225
Quote:
Originally Posted by Cultist View Post
Basically, I want my own account to be able to do everything I normally do without too much restriction (use the disc drive, mount hard drives, browse the web, read/send email via Thunderbird, download stuff, etc.), but leaving the important stuff to root so that if someone else happens to use the computer under my account, they can't do any damage. Did I select the right groups for this? Should I add or remove any?
You have too many (IMO).

The groups...
Code:
users audio video cdrom plugdev power
...will allow you to do just about anything.

If you want to give yourself sudo access to all commands, you can add the wheel group to the above list. However, you'll have to edit the /etc/sudoers file and uncomment some lines to turn that on. The comments in the file tell you which lines you would choose.

Quote:
And what groups should a user have if I just want them able to browse the web, download files, use their /home, run non-root apps, and nothing else?
Code:
users
...will do the trick.
 
1 members found this post helpful.
Old 06-12-2011, 08:53 AM   #4
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,096

Rep: Reputation: 7275
You might also want to add yourself to lp, scanner, and uucp.
 
1 members found this post helpful.
Old 06-12-2011, 10:04 AM   #5
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.2
Posts: 1,180
Blog Entries: 29

Rep: Reputation: 135
This is a question that has been bothering me for a while too. A few groups are specified in the documentation that comes with Slackware, but the rest just seem like it would be a good idea to belong.

There has to be a way to trace where each group comes from and what the functional and security implications are for belonging to a group.
 
Old 06-12-2011, 10:51 AM   #6
xhack
LQ Newbie
 
Registered: Jun 2011
Distribution: AntiX
Posts: 19

Rep: Reputation: 12
The groups Richard Cranium listed pretty much cover the bases. Frankly, many of the groups listed in the OP, it's dangerous and/or insecure to add a regular user to.
 
Old 06-12-2011, 11:30 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
For my user account, I added myself to:
The vast majority of those groups exist for the sole purpose of having non-privileged accounts for various daemons to drop to after starting. There is absolutely no reason for a normal user (even one that can do pretty much anything) to belong to those.
 
Old 06-12-2011, 11:31 AM   #8
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware15.0 64-Bit Desktop, Debian 11 non-free Toshiba Satellite Notebook
Posts: 4,186

Rep: Reputation: 1379
Question cdrom == burning???

Code:
users audio video cdrom plugdev power
I don't know if cdrom implies you can burn optical media though does it? If not you might want to add burning into /etc/group and add yourself to it.

I have added that and my username to it so I can burn optical media but I just don't know if that is redundant because of cdrom.

Last edited by Jeebizz; 06-12-2011 at 11:34 AM.
 
Old 06-12-2011, 11:32 AM   #9
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 546
Quote:
Basically, I want my own account to be able to do everything I normally do without too much restriction (use the disc drive, mount hard drives, browse the web, read/send email via Thunderbird, download stuff, etc.), but leaving the important stuff to root so that if someone else happens to use the computer under my account, they can't do any damage. Did I select the right groups for this? Should I add or remove any?
Way too many groups. None of my user accounts are members of the following groups:

bin mem kmem mail news uucp man dialout games mysql sshd gdm shadow ftp messagebus haldaemon netdev console kismet

Quote:
And what groups should a user have if I just want them able to browse the web, download files, use their /home, run non-root apps, and nothing else?
Some examples:

My primary user account is a member of the following groups:

$USER disk wheel floppy audio video cdrom plugdev power scanner users vboxusers compilers media

The last two groups are related only to my LAN and are not stock Slackware groups. The compilers group is for maintaining my package building environment. The media group is for maintaining shared media files. For example, anybody who is a member of the users group has read access to my shared media files but only a member of the media group can modify tags; add, delete, and edit files; etc.

Most of the remaining accounts in my LAN are members of the following groups:

$USER disk floppy audio video cdrom plugdev scanner users

I have some special accounts that serve restricted purposes and are not a member of the users group. For example, I have a special kiosk account that is a member of only the following groups:

$USER audio video plugdev power

I created the kiosk account with the intention of allowing house guests to use my computers for web browsing but prevent them from snooping around the computers and LAN. The limited groups and specially configured desktop prevent snooping. For example, the kiosk account can download files and insert a USB flash drive but with no file manager availability or desktop icons the guest user needs my help to move the file to the USB device. In other words I will know if a p0rn video was downloaded (and my kiosk login message warns the user of this).

On my home theater PC my primary login account is a member of the following groups:

$USER disk floppy audio video cdrom plugdev power

Like the kiosk account, the desktop is specially configured to restrict traditional desktop computer usage.

Of course, appropriate directory and file permissions are needed to complement the various group assignments.

Do know there is a 16 group "threshold." Exceeding that number of groups will not stop the world from spinning but will result in a nagging message during logins.

Quote:
There has to be a way to trace where each group comes from and what the functional and security implications are for belonging to a group.
Sounds like a project for somebody. Would be handy information for the LQ wiki or Slackbook.

Most of those types of groups are for daemons and services, not users.

Last edited by Woodsman; 06-12-2011 at 11:34 AM.
 
1 members found this post helpful.
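
An added example, not part of any post in this thread: one way to compare an account's memberships with the short group list from post #3 and to count them against the 16-group figure from post #9. The group file contents and the users alice and bob are constructed sample data; `BASELINE` and the function names are assumptions of this example.

```shell
# Added example: compare a user's groups with the short list from post #3.
# Sample data and the users alice/bob are constructed for illustration.
BASELINE="users audio video cdrom plugdev power"

# Constructed sample in /etc/group format: name:passwd:gid:member,member
sample_group_file() {
cat <<'EOF'
root:x:0:root
disk:x:6:root,adm,alice
kmem:x:9:alice
wheel:x:10:root,alice
audio:x:17:alice,bob
video:x:18:alice
cdrom:x:19:alice
shadow:x:43:alice
plugdev:x:83:alice
power:x:84:alice
users:x:100:alice,bob
EOF
}

# Print each group that lists user $1 as a member; group data on stdin.
# The primary group from /etc/passwd is not in field 4, so it is not shown.
groups_of() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }'
}

# Print the groups of $1 that fall outside BASELINE, space separated.
# wheel is reported too: post #3 treats it as an optional addition for sudo.
extra_groups() {
    groups_of "$1" | while read -r g; do
        case " $BASELINE " in
            *" $g "*) ;;                  # in the baseline, nothing to report
            *) printf '%s\n' "$g" ;;      # outside the baseline, review it
        esac
    done | tr '\n' ' ' | sed 's/ $//'
}

# Number of memberships, for comparison with the 16-group figure in post #9.
group_count() { groups_of "$1" | wc -l | tr -d ' '; }

printf 'alice extras: %s\n' "$(sample_group_file | extra_groups alice)"
```

On a real system, feed it the live file (`extra_groups "$USER" < /etc/group`). Running `find / -xdev -group disk -ls` as root lists the files a group such as disk owns, which is one way to trace what a membership actually grants.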
  


All times are GMT -5. The time now is 07:02 PM.
