etc/group - current time (not to be confused with --Current) - What is good practice/recommended?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
etc/group - current time (not to be confused with --Current) - What is good practice/recommended?
In the context of 15.0 and whatever next version is coming up if 15.1 - assuming not 16 and not relating to --Current, what should be recommended groups to be part of these days? This is what I have, and what should I remove?
-edit
Also I am the only user on this machine, no other accounts. I never bothered to add myself to wheel only because I have also been just too lazy to configure sudo. Also some are force of habit from decades ago, like adding my username to audio, and video, cdrom.
Usually you add users to a group because those users need some permission. I would say that adding users to groups is mostly a far better solution than to use sudo or su to get those permissions. That said, I don't think Daedra suggested to allways do things as root, only not to add normal users to the wheel group.
In your list of groups, I am not sure if you want to put a normal user in the sddm group. However, I can't say for sure as I don't use sddm myself.
In your list of groups, I am not sure if you want to put a normal user in the sddm group.
The same with: games pulse input messagebus haldaemon polkitd console
The system groups are used to separate privileges.
For example the mouse device nodes are readable by group input. Whatever process needs to read mouse, is in group input (or is root). If you put yourself in group input, all your processes have direct access to the mouse. (In multi-user environment to other people's mice, too).
If you are in many system groups, it's almost the same as being root all the time.
Right so clearly I do not have a firm grasp on this - maybe I really should remove myself from a few things. I do use sddm though , but I am unsure if I should still remove myself from that. Plugdev I assume is for anything USB? Also I remember back in the day there was a printer group, but no more - there is a scanner group - but I don't have a scanner. Should I also remove myself from polkitd? I probably incorrectly assumed polkit won't work / give an error if I am not there - for example if I launched gparted without being part of the polkitd group, it might error (which I am probably wrong in this assertion).
So yea, I feel that while Slackware has changed - some of the documentation hasn't quite changed with it. Should I still even be part of audio? And in this case, why is pulse its own thing, as well as in audio? And also how does pipewire work if whenever at some point Slackware moves to that as a default?
And so by this, I want to reiterate starting with version 15 and onwards , what SHOULD be recommended for groups? And to try to further simply the use-case , just for say a normal everyday desktop use, involving say even plugging in anything usb (storage, controllers(gaming), etc) ?
Video - same thing, should I still be part of video these days?
I do use sddm though , but I am unsure if I should still remove myself from that.
Yes, you should remove yourself from group sddm. Many system binaries run as special users/groups. You don't need to, yourself.
Quote:
Should I also remove myself from polkitd?
Yes, the same thing there: polkitd runs as user polkitd, group polkitd. You don't.
Quote:
if I launched gparted without being part of the polkitd group, it might error
Isn't gparted such a heavy-duty thing that you run it as root? Root does not need to be in any group, it can always do anything.
Quote:
what SHOULD be recommended for groups?
/usr/sbin/adduser script tells to press the UP arrow key to add/select/edit additional groups. And it proposes this list of "additional groups for desktop users": "audio cdrom floppy input lp netdev plugdev power scanner video". I am strongly against "input", because it gives all users read/write access to other users' mice. I don't use it. Maybe it's needed for games to access joystick?
Last edited by Petri Kaukasoina; 03-20-2023 at 10:55 AM.
Petri has beaten me to it, I was going to mention the up-arrow bit during the adduser routine. Here are my groups, I've recently started using sudo for a change, using these instructions.
Code:
brian@slackdesk:~$ id
uid=1000(brian) gid=100(users) groups=100(users),7(lp),11(floppy),17(audio),18(video),19(cdrom),71(input),83(plugdev),84(power),86(netdev),93(scanner),999(vboxusers),1000(sudo)
Ok, and video? - Is that for X11 or is it for video devices such as capture cards and not related to video cards? As for gparted, I use it because sometimes I just feel that much more lazy; and I know it prompts you for a password, and thats where polkit comes in, hence why I added myself (mistakenly thinking I needed to be part of it).
I never add myself to floppy because well I don't even have a floppy drive, so I know I don't need to be part of that. I figured also eventually that should go away. In my case, I still like using optical media and I do still burn discs (blurays), so I need cdrom at least, and I do manually create the burning group since it is not there by default.
But wouldn't that be through USB, thus needing maybe plugdev?
Yeah, most likely - but I'm in that, so I'm covered.
As Petri said:
Quote:
Originally Posted by Petri Kaukasoina
/usr/sbin/adduser script tells to press the UP arrow key to add/select/edit additional groups. And it proposes this list of "additional groups for desktop users": "audio cdrom floppy input lp netdev plugdev power scanner video".
My user name was added to these groups by 'adduser'. These are the "additional" groups added by adduser: "audio cdrom floppy input lp netdev plugdev power scanner video"
The only "stock" group I added myself to was wheel.
Recently I deleted four other users, leaving just me on this system. I took a look at an older backup. The listing is the same except of course the users are listed in the "stock" groups added to them by 'adduser' along with me. There is one exception, the "input" group. In the backup only the four users are listed. I am not listed. My guess is at one point "input" was added to the additional groups added by "adduser". I say this because this system is been around for a long time. The hardware is newer than the install. I just move the old install on to the new hardware. I have not done a "fresh" install in over 10 years. In checking the "adduser" script in the "shadow" source, I see the "input" was added (v1.16 - 2018-07-22) so it looks like I was correct.
I will be adding my self to this "input" group just for GP.
I've been looking into sudo group vs wheel group as far as granting root privileges with sudo goes. Apparently the sudo group method is a Debian/Ubuntu thing. And according to the Arch wiki, the wheel option might be preferable.
Quote:
Tip: When creating new administrators, it is often desirable to enable sudo access for the wheel group and add the user to it, since by default Polkit treats the members of the wheel group as administrators. If the user is not a member of wheel, software using Polkit may ask to authenticate using the root password instead of the user password.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.