Am 17.06.2014 17:04, schrieb Yann Amar: > Package: udev > Version: 204-10 > Severity: normal > > Dear Maintainer, > > since some Debian specific rules (91-permissions.rules?) have been dropped > from > udev, external media (USB, firewire, SD-card) belong to disk group: > > user@debian:~$ ls -l /dev/sd* /dev/mmc* > brw-rw---- 1 root disk 179, 0 juin 16 23:51 /dev/mmcblk0 > brw-rw---- 1 root disk 179, 1 juin 16 23:51 /dev/mmcblk0p1 > brw-rw---- 1 root disk 8, 0 juin 16 23:33 /dev/sda > brw-rw---- 1 root disk 8, 1 juin 16 23:33 /dev/sda1 > brw-rw---- 1 root disk 8, 16 juin 16 23:40 /dev/sdb > > This makes the default user is unable to modify the removable devices. > This means that only privileged users can dd a disk image on a USB stick, or > fully erase its content, or install a bootloader on it, and so on. CD/DVD > disks belong to 'cdrom' group, allowing default user to burn them from > commandline interface. Why shouldn't be the case for other removable media? > > Knowing that the default user created during installation is member of > secondary groups 'floppy' and 'plugdev', and knowing that making this user a > member of the 'disk' group will only lead to security issues, wouldn't be > possible to (re)introduce specific rules to manage external/removable devices > differently than the internal ones, and make them readable and writable by any > member of 'floppy' or 'plugdev'? Or is there a plan to work around this issue?
Static groups are a workaround, not very flexible and an all-or-nothing approach. Use a tool like udisks if you need a more dynamic solution. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
