Package: base-passwd Version: 3.5.45 Severity: normal base-passwd contains this about group plugdev:
plugdev Members of this group can access removable devices in limited ways without explicit configuration in /etc/fstab. This is useful for local users who expect to be able to insert and use CDs, USB drives, and so on. Since pmount (the original implementor of group plugdev) always mounts with the nodev and nosuid options and applies other checks, this group is not intended to be root-equivalent in the ways that the ability to mount filesystems might ordinarily allow. Implementors of semantics involving this group should be careful not to allow root-equivalence. This is outdated information, I'd argue. Desktops nowadays use udisks to mount removable media and udisks does not use group plugdev anymore (it uses PolicyKit and the concept of local users instead, as determined by logind). I wonder if we shouldn't just drop group plugdev altogether and no longer create it by default, although this is probably going to be tricky. At the very least, we should mention that it is deprecated and no longer actively used. I mostly see group plugdev being used in a couple of udev rules files. I wonder if we shouldn't advocate the usage of udev/loginds "uaccess". CCed Martin, as original author of pmount. Regards, Michael -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages base-passwd depends on: ii libc6 2.27-3 ii libdebconfclient0 0.243 Versions of packages base-passwd recommends: ii debconf [debconf-2.0] 1.5.66 base-passwd suggests no packages. -- debconf information excluded