etc/group - current time (not to be confused with --Current) - What is good practice/recommended?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I rarely use sudo. I was not aware of a sudo group. Must be a *buntu thing. I good with logging in as root or using su.
Perhaps. Group 'wheel' is used in all distributions I have used. Even the default sudoers has an entry (maybe commented out depending on distro) for wheel.
In your list of groups, I am not sure if you want to put a normal user in the sddm group. However, I can't say for sure as I don't use sddm myself.
I've tried sddm once, and I couldn't run it manually (as oppose to runlevel 4). I probably should have been in the sddm group to be able to run it, since sddm runs X for you, and you probably can't login to X through sddm without that access?
Video - same thing, should I still be part of video these days?
Quote:
Originally Posted by zeebra
Probably not unless you need it for a specific reason, like running KVM/QEMU as a user session with GPU passthrough or something like that.
Code:
ls -la /dev/dri
/dev/dri/card0 root video
/dev/dri/renderD128 root video
Let's look at it closer:
Code:
$ ls -l /dev/dri/card0
crw-rw----+ 1 root video 226, 0 2023-03-17 16:02 /dev/dri/card0
$ getfacl /dev/dri/card0
getfacl: Removing leading '/' from absolute path names
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
user:kaukasoi:rw-
group::rw-
mask::rw-
other::---
There is an extra '+' after 'crw-rw----', meaning there is a file access control list. getfacl shows that the owner is root but user kaukasoi (me) also has read/write access. So, I don't need to be in group video to access /dev/dri/card0. Who gave me that access? elogind+eudev. They know I have logged in locally (see "loginctl list-sessions") and therefore I may need access to the graphics hardware. I also have a cdrom drive:
I am allowed to burn cdroms without being in group cdrom.
The old way of giving static group access via /etc/group means even non-local users have access to peripherals while some other (local) user is using the machine simultaneously. It's not needed any longer, which is a good thing in a multi-user environment. It's not a good idea to let others read your mouse, display, usb stick etc.
Last edited by Petri Kaukasoina; 03-22-2023 at 07:52 AM.
I've tried sddm once, and I couldn't run it. I probably should have been in the sddm group to be able to run it, since sddm runs X for you, and you probably can't login to X through sddm without that access?
I have never been in group sddm, and I can login to X using sddm.
Probably not unless you need it for a specific reason, like running KVM/QEMU as a user session with GPU passthrough or something like that.
Code:
ls -la /dev/video*
/dev/video0 root video
/dev/video1 root video
Code:
ls -la /dev/dri
/dev/dri/card0 root video
/dev/dri/renderD128 root video
Maybe if you play "real" games on your computer, they might need it.
GPU passthrough is above my skill level anyways, but I don't need to be part of video for DRi on my GPU? Also does emulation count as real games (console emulation)? Only actual other games I have played is xonotic.
These in bold are all assigned when using "adduser" to add a new user.ISomething a normally do when adding new users or my self to a new system. I view this as Slackware standard.
Last edited by chrisretusn; 03-22-2023 at 10:56 PM.
These in bold are all assigned when using "adduser" to add a new user.ISomething a normally do when adding new users or my self to a new system. I view this as Slackware standard.
Is lp for printing? I am not part of that, and I can print just fine, same with scanner - I just have a printer and non of thew crap multifunction printer/scanner devices, but I am not part of scanner and I can print still (hplip)...
netdev: Members of this group can manage network interfaces through the network manager and wicd.
Don't really need it, so guess I'll remove myself from that.
Quote:
video: This group can be used locally to give a set of users access to a video device (like a webcam).
I haven't used a webcam in a while - (how does this apply to integrated webcams on a notebook though?), but if thats the main purpose and doesn't imply I need it for DRI for my GPU, I guess I can remove myself from that too.
Quote:
scanner : Members of this group can enable and use scanners.
Gone, i don't have a scanner.
Quote:
users: While Debian systems use the private user group system by default (each user has their own group), some prefer to use a more traditional group system, in which each user is a member of this group.
I am part of this group, and I do not know if it is good practice, but I have chowned my external HD as users so I can access it on my other Linux machine (notebook).
The default is for the user to belong only to the initial group.
Because of this, I think it's a safe default to only have one group for regular user.
I always use adduser, as mentioned here:
Quote:
Originally Posted by Petri Kaukasoina
/usr/sbin/adduser script tells to press the UP arrow key to add/select/edit additional groups. And it proposes this list of "additional groups for desktop users": "audio cdrom floppy input lp netdev plugdev power scanner video"
Check out the authors of the script, I think they're reliable, and know what's safe.
I've tried sddm once, and I couldn't run it manually (as oppose to runlevel 4). I probably should have been in the sddm group to be able to run it, since sddm runs X for you, and you probably can't login to X through sddm without that access?
The sddm process (as any login manager like xdm, gdm, kdm) should be run as root because only root is able to become other users. When you log in with sddm you want to become your own normal user.
However, all normal users should be able to login with a login manager without having to be member of a group.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.