Lindsay Haisley <fmouse-gentoo fmp.com> posted
1192831388.10036.7.camel vishnu.fmp.com, excerpted below, on Fri, 19 Oct
2007 17:03:08 -0500:

> I researched this, and solved the problem. The correct solution was
> posted at
> http://www.linuxquestions.org/questions/slackware-14/12.0-and-hal-read-this-566862/
>
> Basically, I had to do 2 things:
>
> 1. Add myself to the group plugdev in /etc/group
> 2. Reload the Dbus config with /etc/init.d/dbus reload
>
> It would be a Good Thing if new local accounts could be added to group
> plugdev when they're created.

Adding users you wish to have this access to the plugdev group is indeed
the correct solution, and indeed, mentioned in the log messages for the
hal package when you merge it. Check your portage messages log, or see
the elog at the end of the hal ebuilds if necessary. So the instructions
were there for you to read if you wanted to.

However, security-wise, you've hit a bit of a raw nerve here, so excuse
me while I rant a bit...

It would *NOT* be a "Good Thing" (r), and in fact, would be a very "Bad
Thing" (r) to do this automatically when new users are created, as that
kills important aspects of the Unix/Linux security model, the entire
reason the generic "users" group isn't used in the first place. There
are good reasons sysadmins may not WANT every user to have automount
rights, and it's already possible to expand your newuser scripts locally
to automatically add a user to various groups, if you as sysadmin decide
that's what you want to do.

Among other possible security issues is the fact that it's not always
possible to cleanly give a user the rights necessary to mount a volume,
without also giving them generically the rights to overwrite system
devices, and if you have potentially malicious users, or even simply
naive "innocent" users that don't understand security and don't see any
reason why they should /have/ to understand it, clicking on anything that
comes their way... With what you're advocating, why not do away with
logins and have everybody run as root, thereby avoiding the permissions
problem entirely? After all, MS did effectively that for years with
their 9x series, and we all know how problem free /that/ was.

So... please think before you make requests for automating procedures
that effectively automate the creation of security holes. If you want
platforms that do such things, they are available; no need to make Gentoo
into one of them by default.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."
Richard Stallman
--
gentoo-desktop gentoo.org mailing list
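
The post above treats plugdev membership as a per-user decision for the sysadmin. As an added example (not part of the original message), this shell sketch audits who actually holds that access, counting both supplementary members and accounts whose primary group is plugdev, against an admin-kept approved list. The function names, the approved-list file and the sample accounts are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who holds automount rights through the plugdev group.
# File paths are parameters so the check can run against copies of
# /etc/group and /etc/passwd.

# Print every account in GROUP (default plugdev): supplementary members
# listed in the group file plus accounts whose primary GID is that group.
group_members() {
    group_file=$1; passwd_file=$2; group=${3:-plugdev}
    awk -F: -v g="$group" '
        FNR == NR {                      # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: passwd
    ' "$group_file" "$passwd_file" | sort -u
}

# Print members that are not on the approved list (hypothetical file,
# one account name per line). grep exits 1 when nothing is left over;
# that is a clean result, not an error.
unapproved_members() {
    group_members "$1" "$2" "$3" | grep -vxF -f "$4" || [ $? -eq 1 ]
}

# Constructed sample data, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:' \
              'plugdev:x:1005:alice,bob' \
              'users:x:100:alice,bob,carol' > "$demo/group"
printf '%s\n' 'alice:x:1000:100::/home/alice:/bin/bash' \
              'bob:x:1001:100::/home/bob:/bin/bash' \
              'carol:x:1002:100::/home/carol:/bin/bash' \
              'kiosk:x:1003:1005::/home/kiosk:/bin/bash' > "$demo/passwd"
printf '%s\n' 'alice' > "$demo/approved"

# bob was added by hand; kiosk gets access through its primary GID,
# which a look at the plugdev line in the group file alone would miss.
unapproved_members "$demo/group" "$demo/passwd" plugdev "$demo/approved"
```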