etc/group - current time (not to be confused with --Current) - What is good practice/recommended?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is lp for printing? I am not part of that, and I can print just fine, same with scanner - I just have a printer and non of thew crap multifunction printer/scanner devices, but I am not part of scanner and I can print still (hplip)...
I think the group lp was used back in the day when we used lp to print; which is still usable today in Slackware.
Last edited by chrisretusn; 03-22-2023 at 11:00 PM.
The sddm process (as any login manager like xdm, gdm, kdm) should be run as root because only root is able to become other users. When you log in with sddm you want to become your own normal user.
However, all normal users should be able to login with a login manager without having to be member of a group.
regards Henrik
That leaves the question: what is the sddm group for then?
The sddm process (as any login manager like xdm, gdm, kdm) should be run as root because only root is able to become other users.
Quote:
Originally Posted by zeebra
That leaves the question: what is the sddm group for then?
Privilege separation. /usr/bin/sddm.bin runs as root. It starts several processes which don't need root privileges and they run as user sddm, group sddm.
There are others. Like ntpd running as ntp.ntp, polkitd running as polkitd.polkitd, atd running as daemon.daemon.
Lp is for printing lpadm is for printer administration. Probably standard CUPS stuff.
A couple of lines in /etc/cups/cups-files.conf:
Code:
# Default user and group for filters/backends/helper programs; this cannot be
# any user or group that resolves to ID 0 for security reasons...
#User lp
#Group lp
# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
# This cannot contain the Group value for security reasons...
SystemGroup sys root wheel
# User that is substituted for unauthenticated (remote) root accesses...
#RemoteRoot remroot
So, cups runs as root, but runs filters without root privileges as user lp, group lp. Groups sys, root, wheel work for administrative tasks.
I haven't used a webcam in a while - (how does this apply to integrated webcams on a notebook though?), but if thats the main purpose and doesn't imply I need it for DRI for my GPU, I guess I can remove myself from that too.
I've always found it odd that access to V4L2 devices like webcams have been conflated with the other devices in the 'video' group, such as graphics card/dri/framebuffer devices. It feels like a mistake to me, but I've never been bothered enough to modify it.
Privilege separation. /usr/bin/sddm.bin runs as root. It starts several processes which don't need root privileges and they run as user sddm, group sddm.
There are others. Like ntpd running as ntp.ntp, polkitd running as polkitd.polkitd, atd running as daemon.daemon.
On OpenBSD they started prefixing users/groups intended purely for privilege separation with an underscore to make it clear that they were system groups/users and not intended for use by real users. I won't suggest we do it here as it would be too visible/high impact a change for Slackware, but IMO it was a smart move.
My conclusion is:
audio is required for files in /dev/sound
cdrom is required for /dev/sr0
floppy is not required (I do not have one in this PC)
input gives access to files under /dev/input (I defer to Petri Kaukasoina)
lp is required for a lot of printing stuff {I have a proprietary printer driver installed)
netdev is required for /dev/rfkill
plugdev is required (I use USB devices)
scanner is needed for sane to set a lock in /var/lock/sane
video gives access to files in /dev
I've always found it odd that access to V4L2 devices like webcams have been conflated with the other devices in the 'video' group, such as graphics card/dri/framebuffer devices. It feels like a mistake to me, but I've never been bothered enough to modify it.
So then its NOT for video devices, other than just GPU ?
If you look at it logically, video capture devices have little to do with the gpu/framebuffer devices. It makes more sense to put them each in their own group, but for whatever reason they all get lumped into 'video'.
If you look at it logically, video capture devices have little to do with the gpu/framebuffer devices. It makes more sense to put them each in their own group, but for whatever reason they all get lumped into 'video'.
Alright, but does one even need to be part of video for having an X11 or wayland session with direct rendering these days? Someone stated you need this for GPU passthrough, but thats too advanced for me - although I do run VMs, but I haven't the need for GPU passthrough anyways.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.