Package: base-passwd
Version: 3.5.45
Severity: normal
base-passwd contains this about group plugdev:
plugdev
Members of this group can access removable devices in limited ways without
explicit configuration in /etc/fstab. This is useful for local users who
expect to be able to insert and use CDs, USB drives, and so on.
Since pmount (the original implementor of group plugdev) always mounts with
the nodev and nosuid options and applies other checks, this group is not
intended to be root-equivalent in the ways that the ability to mount
filesystems might ordinarily allow. Implementors of semantics involving
this group should be careful not to allow root-equivalence.
This is outdated information, I'd argue.
Desktops nowadays use udisks to mount removable media and udisks does
not use group plugdev anymore (it uses PolicyKit and the concept of
local users instead, as determined by logind).
I wonder if we shouldn't just drop group plugdev altogether and no
longer create it by default, although this is probably going to be
tricky. At the very least, we should mention that it is deprecated and
no longer actively used.
I mostly see group plugdev being used in a couple of udev rules files. I
wonder if we shouldn't advocate the usage of udev/loginds "uaccess".
CCed Martin, as original author of pmount.
Regards,
Michael
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages base-passwd depends on:
ii libc6 2.27-3
ii libdebconfclient0 0.243
Versions of packages base-passwd recommends:
ii debconf [debconf-2.0] 1.5.66
base-passwd suggests no packages.
-- debconf information excluded
