On Wed, Nov 10, 2004 at 04:43:41PM +0100, Martin Pitt wrote:
> Marco d'Itri [2004-11-10 14:19 +0100]:
> > > Our /etc/udev/udev.rules has two new rules directly after the cdrom
> > > and floppy rules:
> > > # put removable IDE/SCSI devices into group 'plugdev' instead of 'disk'
> > > BUS="scsi", KERNEL="sd[a-z]*", PROGRAM="/etc/udev/removable.sh %k",
> > > RESULT="1", NAME="%k", MODE="0660", GROUP="plugdev"
> > > BUS="ide", KERNEL="hd[a-z]*", PROGRAM="/etc/udev/removable.sh %k",
> > > RESULT="1", NAME="%k", MODE="0660", GROUP="plugdev"
> > What about I ship the script in udev (as /etc/udev/scripts/removable.sh)
> > and your package install the rules file? Or udev provides the rules file
> > too and your package enables it by creating the symlink?
> I was not sure whether it is valid that packages put their scripts
> into /etc/udev/rules.d. But I would be fine to leave udev.rules
> untouched and have pmount ship /etc/udev/rules.d/z_plugdev.rules (z_
> because it must be executed after the standard rules; if it is
> executed earlier, CD-ROM and floppy nodes will also be in plugdev,
> which is not intended).

But don't CD-ROM and floppy devices also need the same sort of pmount
support you're proposing here? After all, you can hot-swap the media in
them, so it seems reasonable to me that they can be pmounted? What's the
rationale for _not_ including these in the pmount infrastructure you're
proposing?

Hmm. Now that I think about it, surely the plugdev group would have to
be given using pam_console so that remote users in the plugdev group
can't remotely stomp on the USB memory stick the local user just put in,
before they could mount it?

In _that_ case, cdrom and floppy strike me as _very_ appropriate for the
same treatment, and the local administrator could add appropriate people
directly to those groups for things like a headless server where someone
whacks in a USB stick, and then wanders back to their laptop to access
it.

This would close (to my mind) a security hole in systems where both
local and remote users have access.
-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
7th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------