On Sat 29 Oct 2016 at 23:23:52 +0300, Reco wrote:

> On Sat, 29 Oct 2016 19:15:53 +0100
> Brian <a...@cityscape.co.uk> wrote:
>
> > I wish you had addressed the "equal exposure" question. Desktops are not
> > the only environments in town. Leaving non-policykit users out in the
> > cold is not an option.
>
> True, that does not look good at all. But why bother listing udisks2
> which is using PolicyKit then?

In the light of previous points I think there is a non sequitur in there
somewhere.

> Besides, in modern Debian it takes a certain amount of skill and
> determination *not* to use PolicyKit ;)

Maybe. Nothing to do with whether policykit is on a machine or not, of
course.

> > It doesn't come down to that; using a desktop filemanager is just one of
> > the alternatives. One could equally well ask why it has to be mentioned
> > when there is
> >
> > > Install pmount, udevil or udisks2 and use one .....
>
> Indeed. All this confusion could be avoided by simple 'please mount the
> USB stick to this mountpoint'. Again, the page describes a rather
> advanced topic.

As said, a rewrite is in the offing. The reality is that all operations
should be with root privileges.

> > Providing a range of advice for a range of people isn't exactly easy in
> > all situations. Advice on installing a wifi kernel module is easy -
> > there is only one for each chipset.
>
> I honestly wish that this was true. Sadly, there's Broadcom, see [1]
> for the gory details.

There are always exceptions.

> > A page on pmount is a little harder because it is a moving target.
>
> I honestly lost you here. oldstable, stable, testing and even sid have
> the same upstream version of pmount - 0.9.23, dated 2010.

They do indeed. Six years. Do you get the feeling it is getting on for
unmaintained? (And a wiki page with HAL on it! I ask you). But software
changes. Then wiki pages change.

> > (The link you gave has out-of-date info on HAL). Anything more
> > complex can always be criticised as time moves on.
>
> The page itself is somewhat outdated, true. Someone should clean up that
> obsolete hal reference.

Don't look at me.

> > But your sort of constructive criticism is valuable.
>
> You're welcome, I guess.
>
> > You are getting carried away here. Both are for *automatically* mounting
> > and unmounting removable media, which is not a focus for the task.
> >
> > There is no sign of supermount in stable or unstable.
>
> True. That's something that I missed.

We all miss something.

> > As little as possible should be done as root is a good principle.
>
> mount(2) system call is a privileged one regardless of the tool used.
> Hence a root intervention in one form or the other is needed.
>
> Whether such privilege escalation is done by trusted daemon (udisks2),
> or by hand (su, sudo) for the purposes of mounting and unmounting is not
> relevant. Assuming, for the sake of simplicity, that all implementations
> of privilege escalation (su, sudo, policykit, trusted suid binaries
> such as pmount) are free of security bugs.
>
> If it was desirable to exclude root intervention whenever possible in
> this task - the page in question would suggest fusefat instead.

Something to consider and test. Thanks.

> > C'mon; pointing out a typo! This is unworthy of you, even as an aside.
>
> Disregard the typo comment then as it was not pointed to the article
> quality. Not all mount(8) invocations require root, that was the point.
>
> > Mounting and unmounting are not really a problem. Users and root can
> > easily do these. But, as far as I can see, only someone with root
> > privileges can use dd, cfdisk, fdisk and mkfs.vfat with a removable
> > device. I'd like to be wrong.
>
> This is a common myth that I'll debunk gladly.
>
> Image copying (dd or any other tool) merely requires ability to write
> to a block device. Such permissions on removable media should be
> provided to any current console user by logind (or ConsoleKit if we
> still need to think about wheezy), or a good old-fashioned
> 'floppy' (any group name will do) group and a custom udev rule (as of
> jessie).
>
> Creating any filesystem on a removable media's partition merely requires
> the same.

Since you wrote this, hundreds of people using GNOME have popped a USB
stick into their machines and typed

  dd if=/dev/zero of=/dev/<somewhere>

Those who didn't get

  dd: failed to open 'dev/<somewhere>'

will be along soon to report success and explain why.

The floppy group + a udev rule is a Wheezy thing. Not suitable for a wiki
relating to a current Debian.

-- 
Brian.
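
Added example, not part of the original thread: a way to check on a given machine which block devices a non-root user can actually open for writing, and through which permission class, which is what decides whether the dd above succeeds or fails. The names Node, write_reason, scan and SAMPLE, and the sample node (root:floppy, gid 25, mode 0660), are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Just the fields of a device node that the permission check needs.
Node = namedtuple("Node", "path mode uid gid")


def write_reason(node, uid, gids):
    """Why `uid` (member of `gids`) may open a block device for writing
    under classic mode bits, or None if it may not. ACLs are ignored here."""
    if not stat.S_ISBLK(node.mode):
        return None
    if uid == 0:
        return "root"
    # The kernel consults exactly one class: owner, else group, else other.
    if node.uid == uid:
        return "owner" if node.mode & stat.S_IWUSR else None
    if node.gid in gids:
        return "group" if node.mode & stat.S_IWGRP else None
    return "other" if node.mode & stat.S_IWOTH else None


def scan(dev_dir="/dev"):
    """Block devices under dev_dir that the calling user can write to.
    os.access() asks the kernel, so access granted by an ACL also counts."""
    uid = os.getuid()
    gids = set(os.getgroups()) | {os.getgid()}
    found = []
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        try:
            st = os.stat(path)
        except OSError:
            continue
        if stat.S_ISBLK(st.st_mode) and os.access(path, os.W_OK):
            node = Node(path, st.st_mode, st.st_uid, st.st_gid)
            # Writable but not via mode bits: reported as "acl".
            found.append((path, write_reason(node, uid, gids) or "acl"))
    return found


# Constructed sample: a USB stick node owned root:floppy (gid 25), mode 0660.
SAMPLE = Node("/dev/sdb", stat.S_IFBLK | 0o660, 0, 25)

if __name__ == "__main__":
    print("sample, uid 1000 in floppy:", write_reason(SAMPLE, 1000, {1000, 25}))
    print("sample, uid 1000 not in it:", write_reason(SAMPLE, 1000, {1000}))
    for path, why in scan():
        print(path, "writable via", why)
```

Run as the ordinary desktop or console user with the stick inserted; an empty result from scan() means any write to the device will need privilege escalation.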