Old 05-31-2019, 04:48 PM   #1
Registered: Jul 2017
Distribution: korora
Posts: 90

Rep: Reputation: Disabled
Grant domain user access like he is in netdev group

The Debian paradigm for granting a user access to control network resources is to add him to group netdev.

I know that technically you can "gpasswd -a bgstack15 netdev" when bgstack15 is a domain account. But do I have to enumerate all my domain users and add them to this local group? That sounds unwieldy.

Is there a solution out there? I am investigating writing custom dbus or policykit policies, but I was hoping somebody has a definitive answer for this topic.

I also need a similar solution for groups audio and video (and maybe even lp and lpadmin, not sure yet).

I already tried making a FreeIPA group named "netdev" and adding all users. And a "getent group -s sss netdev" works, but it won't list those users when doing a non-specific "getent group netdev". Would removing the local group netdev work? Is that a bad thing to do? I guess if I tried that, I'd have to chgrp all the files to the new gid (but does that persist on /dev?).
Old 06-02-2019, 10:36 AM   #2
LQ Guru
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 15,881

Rep: Reputation: 5250
I think you will destroy your Linux box if you remove the local netdev group. But you are free to try.
Audio and video may work that way.

I think you need to find another way, something like sudo (or similar).
Old 10-11-2019, 10:56 AM   #3
Registered: Jul 2017
Distribution: korora
Posts: 90

Original Poster
Rep: Reputation: Disabled
General solution

I solved the problem! The full write-up is on my blog, but here is the summary:

Use pam_group.

# NOTE: the assignment of tf is missing from the post as extracted.
# pam-auth-update reads its profiles from /usr/share/pam-configs/;
# the file name below is a placeholder.
tf=/usr/share/pam-configs/PLACEHOLDER_PROFILE_NAME
sudo touch "${tf}" ; sudo chmod 0644 "${tf}" ; sudo chown root:root "${tf}"
cat <<EOF | sudo tee "${tf}" 1>/dev/null
Name: activate /etc/security/group.conf
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
        required               pam_group.so use_first_pass
EOF

Update pam and choose the new option we just made, "Activate /etc/security/group.conf."

Configure nsswitch.conf (only with glibc >= 2.24)

sed -i -r -e '/^\s*group:/s/(compat|files) sss/\1 [SUCCESS=merge] sss/;' /etc/nsswitch.conf

Make local gids match the domain gids, for any of the groups you want to merge.

test -z "${LOGFILE}" && LOGFILE=/root/deploy.log
for word in netdev video audio dip ;
do
   {
      # gid of the group in the domain (sss) and in the local files
      tgid="$( getent group -s  sss  "${word}" | awk -F':' '{print $3}' )"
      ogid="$( getent group -s files "${word}" | awk -F':' '{print $3}' )"
   } 2>/dev/null
   # if group exists locally and in domain
   test -n "${ogid}" && test -n "${tgid}" && test ${ogid} -ne ${tgid} && {
      # use sed because groupmod fails because the new GID already exists
      sed -i -r -e "/^${word}:/s/:${ogid}:/:${tgid}:/;" /etc/group
      # log to stdout and logfile
      printf '%s %s\n' "$( date -u "+%FT%TZ" )" "Change ${word} from gid ${ogid} to ${tgid}" | tee -a "${LOGFILE}"
   }
done
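
A read-only pre-flight check for the two preconditions in the post above (the merge action on the group: line of nsswitch.conf, and local GIDs that match the domain GIDs), added here as an example; it is not part of the original post. The function names, temporary files and sample group entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether nsswitch group merging is
# configured and which groups still have differing local/domain GIDs.
# The file arguments are group(5)-format dumps, e.g. produced with
#   getent group -s files > local.txt ; getent group -s sss > domain.txt

# Succeeds if the "group:" line of an nsswitch.conf has [SUCCESS=merge]
# directly before sss.
merge_enabled() {
    grep -Eq '^[[:space:]]*group:.*\[SUCCESS=merge\][[:space:]]+sss' "$1"
}

# Print "name local_gid domain_gid" for each named group that exists in both
# dumps with different GIDs (the case the post's loop rewrites in /etc/group).
gid_mismatches() {
    local_file=$1; domain_file=$2; shift 2
    for g in "$@"; do
        l=$(awk -F: -v n="$g" '$1 == n { print $3; exit }' "$local_file")
        d=$(awk -F: -v n="$g" '$1 == n { print $3; exit }' "$domain_file")
        if [ -n "$l" ] && [ -n "$d" ] && [ "$l" -ne "$d" ]; then
            printf '%s %s %s\n' "$g" "$l" "$d"
        fi
    done
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'passwd: files sss\ngroup:  files [SUCCESS=merge] sss\n' > "$demo_dir/nsswitch.merged"
printf 'passwd: files sss\ngroup:  files sss\n' > "$demo_dir/nsswitch.plain"
cat > "$demo_dir/local" <<'EOF'
audio:x:29:pulse
video:x:44:
netdev:x:109:
dip:x:30:
EOF
cat > "$demo_dir/domain" <<'EOF'
audio:*:29:alice,bob
video:*:1520800044:alice
netdev:*:1520800109:alice,bob
EOF

merge_enabled "$demo_dir/nsswitch.merged" && echo "merge: enabled"
merge_enabled "$demo_dir/nsswitch.plain" || echo "merge: NOT enabled"
gid_mismatches "$demo_dir/local" "$demo_dir/domain" netdev video audio dip
```

Any group it reports will change GID when the loop above runs, so files and device nodes still owned by the old GID are worth reviewing afterwards.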

