Patrick J. Volkerding wrote:
> Robby Workman wrote:
> > Menno Duursma wrote:
> >> Hello ya'll,
> >>
> >> The configfile for HAL included in the buildscript sets the 'users'
> >> group as the one allowed to mount volumes. However the default used in
> >> other distros (or atleast Debian) Bis 'plugdev' which might improve
> >> security.
> >
> > Hmmm... I like that idea, and assuming that it's fairly standard, I
> > would definitely be willing to change the way we do it.  In fact, I
> > intended to do some more research into how other distros are handling
> > it, but I wanted to get a working build out first and then handle the
> > tweaks and such later - I've just not had time to follow up on it.
> > If Debian uses 'plugdev' then that's certainly an option.  If anyone
> > uses some other distros and would like to chime in on this with
> > respect to what $DISTRO uses for that group, feel free. :-)
> Wouldn't it make more sense to just reuse the "cdrom" group for this?
> IMHO, allowing a users to mount a pluggable device isn't much different
> from allowing them to mount a CD/DVD.

Since i'm fidling with Gentoo these days i found that, in their documentation 
(gentoo handbook), they list (/recomend)  groups in which user might 
(/should) be added. Among others there is group plugdev. I remembered that 
because in their 2007.0 edition the group "plugdev" doesn't exist by default 
so i got error :)

Group ivman is created after instalation of ivman.

guliette ~ # ls -al `which ivman`
-rwxr-xr-x 1 root root 55976 May 16 20:23 /usr/bin/ivman

guliette ~ # ls -al `which pmount`
-rws--x--- 1 root plugdev 29692 May 16 20:24 /usr/bin/pmount

guliette ~ # grep ivman /etc/passwd
ivman:x:103:1002:added by portage for ivman:/dev/null:/sbin/nologin

guliette ~ # grep plugdev /etc/group

BTW, on Gentoo there are even more groups for playing. Quote:
cdrom  	be able to directly access optical devices
floppy 	be able to directly access floppy devices
usb 	be able to access USB devices
plugdev 	Be able to mount and use pluggable devices such as cameras and USB 

IF, and only if, after The Man himselve has spoken, information on other 
distributions is still needed i will provide you with information about: 
CentOS, RHEL, SLES, Fedora, Mandriva, Ubuntu (yeah, crazy, though luckily 
last 3 only on tech support desktops)

