Quoting Alessandro Selli (alessandrose...@linux.com): > IMO, using root's password in those same cases is the worst possible > password use case. One thing is your non-privileged user's password > being captured when you mount an external drive, a different thing is > giving away root's password performing the same trivial task.
You might have missed my point that your suggestion makes that 'non-privileged user's password' privileged -- such that every time you use it in any situation, you are exposing a privleged password. Which I deem very undesirable. >> but it also has a secondary use to escalate privilege to root. > > Just like using su does. 'su -' does of course escalate (obviously), but _not_ as a secondary use of an otherwise non-privileged login. But I think the point should be clear, and I don't care to keep re-discussing this point. Anyway, I'm glad whatever you do works for you. > Needing to type it just to mount an external drive increases the > chances it will be used many times when easily avoidable. As already mentioned, this does not describe my experience. > This too would be a better solution than having to use su to just > mount external drives. I do not concur, because IMO mounting/umounting is, in the general case, security sensitive and ought to be treated with caution, which includes not permitting arbitrary mounts/umounts by unprivileged users. But I think the point should be clear, and I don't care to keep re-discussing this point. > This is precisely the reason I suggested using sudo, which allows > fine-tuning who gets to do what as another user. IMO mounting/umounting is, in the general case, security sensitive and ought to be treated with caution, which includes not permitting arbitrary mounts/umounts by unprivileged users. But I think the point should be clear, and I don't care to keep re-discussing this point. > This too is much better than having to use su. IMO mounting/umounting is, in the general case, security sensitive and ought to be treated with caution, which includes not permitting arbitrary mounts/umounts by unprivileged users. But I think the point should be clear, and I don't care to keep re-discussing this point. Anyway, I'm glad whatever you do works for you. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
