On 30/03/15 03:34, Michael Biebl wrote:
Am 30.03.2015 um 02:25 schrieb Dmitry Alexandrov:
On 30/03/15 02:41, Michael Biebl wrote:
Am 30.03.2015 um 01:21 schrieb Dmitry Alexandrov:
On 30/03/15 01:01, Michael Biebl wrote:
The default policy shipped in Debian allows local desktop users to
mount/umount/format etc removable media.
‘Format’? How? udisksctl(1) does mot provide such a possibility, as far
as I see. Also, to my mind, an average desktop user is much less
concerned about formating removable drives than *labeling* them. Could
it be done without raw access to block devices?
You can, indeed. gnome-disks [1] is a GUI frontend for udisks.
Among others, it let's change the file system labels.
I'm sure, other desktop environments provide similar functionality.
OK, thanks, it’s good that desktop environments took up this problem,
but that is (or would be) both too complex and too local solutions. What
about basics: a non-interactive utility like e2label(8) / fatlabel(8),
that would allow one to make re-labelling easy by, for example,
configuring a ‘user action’ for his favourite file manager?
At least mounting/unmount/formatting/writing of ISO-Images are all
integrated nicely into nautilus.
It's true, that relabelling is not and that you need to resort to
gnome-disks here. But that's a rather special case imho.
As for using the command line tools: No-one prevents you from using
those e.g. using sudo or pkexec.
sudo(8)? How? By writing a script that would analyse whether the
argument is pointing to removable device or not? Thanks, no.
Moreover, if I have to do some manipulation with superuser rights, then
why I would ever need *this*: no-one prevents me from restoring expected
behaviour by putting removed udev rules (‘91-permissions.rules’ in
attachment to this message) back to /etc/udev/rules.d/
But thank you, I did not realised that UDisks (as a library) have an
ability to label and format. I think, I have at least to file a feature
request against udisksctl(1). Here it is: https://bugs.debian.org/781495
ACTION=="remove", GOTO="permissions_end"
# default permissions for block devices
SUBSYSTEM=="block", GROUP="disk"
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
# the aacraid driver is broken and reports the disks as removable (see #404927)
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP="disk"
# all block devices on these buses are "removable"
SUBSYSTEM=="block", SUBSYSTEMS=="usb|ieee1394|mmc|pcmcia", GROUP="floppy"
KERNEL=="cbm", GROUP="floppy"
# IDE devices
ENV{ID_CDROM}=="?*", GROUP="cdrom"
KERNEL=="ht[0-9]*", GROUP="tape"
KERNEL=="nht[0-9]*", GROUP="tape"
# SCSI devices
SUBSYSTEM=="scsi_generic|scsi_tape", \
SUBSYSTEMS=="scsi", ATTRS{type}=="1|8", GROUP="tape"
SUBSYSTEM=="scsi_generic", \
SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="cdrom"
# USB devices
KERNEL=="legousbtower*", MODE="0666"
KERNEL=="lp[0-9]*", SUBSYSTEMS=="usb", GROUP="lp"
# hplip and cups 1.4+ use raw USB devices, so permissions should be similar to
# the ones from the old usblp kernel module
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
ENV{ID_USB_INTERFACES}=="", IMPORT{builtin}="usb_id"
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
# usbfs-like devices
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
MODE="0664"
# serial devices
SUBSYSTEM=="tty", GROUP="dialout"
SUBSYSTEM=="capi", GROUP="dialout"
SUBSYSTEM=="slamr", GROUP="dialout"
SUBSYSTEM=="zaptel", GROUP="dialout"
KERNEL=="mISDNtimer", GROUP="dialout"
KERNEL=="mwave", GROUP="dialout"
KERNEL=="hvc*|hvsi*", GROUP="dialout"
# vc devices (all members of the tty subsystem)
KERNEL=="ptmx", MODE="0666", GROUP="root"
KERNEL=="console", MODE="0600", GROUP="root"
KERNEL=="tty", MODE="0666", GROUP="root"
KERNEL=="tty[0-9]*", GROUP="root"
KERNEL=="pty*", MODE="0666", GROUP="tty"
# video devices
SUBSYSTEM=="video4linux", GROUP="video"
SUBSYSTEM=="drm", GROUP="video"
SUBSYSTEM=="dvb", GROUP="video"
SUBSYSTEM=="em8300", GROUP="video"
SUBSYSTEM=="graphics", GROUP="video"
SUBSYSTEM=="nvidia", GROUP="video"
# misc devices
KERNEL=="random", MODE="0666"
KERNEL=="urandom", MODE="0666"
KERNEL=="mem", MODE="0640", GROUP="kmem"
KERNEL=="kmem", MODE="0640", GROUP="kmem"
KERNEL=="port", MODE="0640", GROUP="kmem"
KERNEL=="nvram", MODE="0640", GROUP="kmem"
KERNEL=="full", MODE="0666"
KERNEL=="null", MODE="0666"
KERNEL=="zero", MODE="0666"
KERNEL=="inotify", MODE="0666"
KERNEL=="sonypi", MODE="0666"
KERNEL=="cpu[0-9]*", MODE="0444"
KERNEL=="agpgart", GROUP="video"
KERNEL=="pmu", GROUP="video"
KERNEL=="kqemu", MODE="0666"
KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun"
KERNEL=="rfkill", MODE="0644"
KERNEL=="cdemu[0-9]*", GROUP="cdrom"
KERNEL=="pktcdvd[0-9]*", GROUP="cdrom"
KERNEL=="pktcdvd", MODE="0644"
# printers and parallel devices
SUBSYSTEM=="printer", GROUP="lp"
SUBSYSTEM=="ppdev", GROUP="lp"
KERNEL=="irlpt[0-9]*", GROUP="lp"
KERNEL=="pt[0-9]*", GROUP="tape"
KERNEL=="pht[0-9]*", GROUP="tape"
# sound devices
SUBSYSTEM=="sound", GROUP="audio",
OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
# ieee1394 devices
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*", GROUP="video"
SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*", GROUP="video"
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", GROUP="video"
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", GROUP="video"
KERNEL=="raw1394", GROUP="disk"
KERNEL=="dv1394-[0-9]*", GROUP="video"
KERNEL=="video1394-[0-9]*", GROUP="video"
# input devices
KERNEL=="event[0-9]*", ATTRS{name}=="*dvb*|*DVB*|* IR *" \
MODE="0664", GROUP="video"
KERNEL=="js[0-9]*", MODE="0664"
KERNEL=="event[0-9]*", ENV{ID_CLASS}=="joystick", \
MODE="0664", GROUP="audio"
KERNEL=="lirc[0-9]*", GROUP="video"
KERNEL=="mmtimer", MODE="0644"
KERNEL=="sgi_*", MODE="0666"
KERNEL=="z90crypt", MODE="0666"
KERNEL=="iseries/ibmsis*", GROUP="disk"
KERNEL=="iseries/nvt*", GROUP="disk"
KERNEL=="iseries/vt*", GROUP="disk"
KERNEL=="iseries/vtty*", GROUP="dialout"
# AOE character devices
SUBSYSTEM=="aoe", MODE="0220", GROUP="disk"
SUBSYSTEM=="aoe", KERNEL=="err", MODE="0440", GROUP="disk"
LABEL="permissions_end"
