[Slackbuilds-users] HAL 'plugdev' system-group (ivman/pmount)
Nenad Spirkoski
spiki at verat.net
Wed May 16 18:36:37 UTC 2007
Patrick J. Volkerding wrote:
> Robby Workman wrote:
> > Menno Duursma wrote:
> >> Hello ya'll,
> >>
> >> The configfile for HAL included in the buildscript sets the 'users'
> >> group as the one allowed to mount volumes. However the default used in
> >> other distros (or atleast Debian) Bis 'plugdev' which might improve
> >> security.
> >
> > Hmmm... I like that idea, and assuming that it's fairly standard, I
> > would definitely be willing to change the way we do it. In fact, I
> > intended to do some more research into how other distros are handling
> > it, but I wanted to get a working build out first and then handle the
> > tweaks and such later - I've just not had time to follow up on it.
> > If Debian uses 'plugdev' then that's certainly an option. If anyone
> > uses some other distros and would like to chime in on this with
> > respect to what $DISTRO uses for that group, feel free. :-)
>
> Wouldn't it make more sense to just reuse the "cdrom" group for this?
> IMHO, allowing a users to mount a pluggable device isn't much different
> from allowing them to mount a CD/DVD.
Since i'm fidling with Gentoo these days i found that, in their documentation
(gentoo handbook), they list (/recomend) groups in which user might
(/should) be added. Among others there is group plugdev. I remembered that
because in their 2007.0 edition the group "plugdev" doesn't exist by default
so i got error :)
Group ivman is created after instalation of ivman.
guliette ~ # ls -al `which ivman`
-rwxr-xr-x 1 root root 55976 May 16 20:23 /usr/bin/ivman
guliette ~ # ls -al `which pmount`
-rws--x--- 1 root plugdev 29692 May 16 20:24 /usr/bin/pmount
guliette ~ # grep ivman /etc/passwd
ivman:x:103:1002:added by portage for ivman:/dev/null:/sbin/nologin
guliette ~ # grep plugdev /etc/group
plugdev:x:1002:haldaemon
BTW, on Gentoo there are even more groups for playing. Quote:
cdrom be able to directly access optical devices
floppy be able to directly access floppy devices
usb be able to access USB devices
plugdev Be able to mount and use pluggable devices such as cameras and USB
sticks
IF, and only if, after The Man himselve has spoken, information on other
distributions is still needed i will provide you with information about:
CentOS, RHEL, SLES, Fedora, Mandriva, Ubuntu (yeah, crazy, though luckily
last 3 only on tech support desktops)
--
..you could spend *all day* customizing the title bar. Believe me. I
speak from experience.
-- Matt Welsh
More information about the Slackbuilds-users
mailing list