Author Topic: Group Privileges  (Read 4099 times)

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #60 on: August 03, 2010, 01:11:06 PM »
I am grateful for the opportunity to read others' views on these things.
So thanks to everyone for getting involved.

I would like to use my single user desktop as an example for a moment.

Sometimes a family member will use my PC.

I see nothing at all dangerous or otherwise undesirable in allowing that user by default the privilege of managing their removable devices.

For instance if they insert a DVD RW or a DVD RAM disk they have the opportunity to do with it as they wish .....  or should have if they do not, IMO.

The same applies to any other removable media they choose to insert.

All of course on the understanding that they cannot interfere with fixed storage devices, by default.

I guess I am back to the first wording of my question ......  what is there about allowing a user to manage their own devices that you disagree with?
Why should a user not be allowed to create, delete, make filesystem, label, check filesystem and so on, on devices which they have responsibility for?
Provided of course that there is no leaking of such powers to other devices which would be rightfully under root privilege.

I am approaching this from the device "ownership" point of view ........  almost like "it's my PC and I decide what it does" .......  the removable devices are not owned by the OS/root ..... they are owned by the user who inserts them ....

I would be grateful if you would expand a bit on your reasons why you would prevent users from accessing their own devices.

Thanks.
Quote
If we have to go to an admin for permission, then we're already in a controlled environment, which by definition implies there are (or maybe should be) restrictions on what the end user can and cannot do.  My opinion is that manipulating devices at their most base level falls squarely in this arena.

Online pags

  • Hero Member
  • *****
  • Posts: 2519
  • Keep it clean.
Re: Group Privileges
« Reply #61 on: August 03, 2010, 01:31:25 PM »
I don't disagree with these sentiments...

Are you allowing the family member guest access, or do they have their own account (not entirely relevant, except in as much as how you, the administrator, want permissions handed out)?

Either way, yes, they should be able to burn CDs or DVDs; mount, read and write from their own USB devices, etc...but do they really need (in their everyday course) the ability to re-partition their USB devices on a whim?  I think that's the only distinction I would make...

Again, I think something akin to modifying UDEV rules is needed to allow you to get the setup you want (and, of course, you would understand that it is up to you, having made that decision, to continue to administer the setup of such a configuration as updates are applied that may re-write these rules, etc).

I fully agree that it is YOUR PC, and you should be able to do what YOU WANT.  I'm just not sure how to get you there  :(

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #62 on: August 03, 2010, 01:45:26 PM »
Quote
Either way, yes, they should be able to burn CDs or DVDs; mount, read and write from their own USB devices, etc...but do they really need (in their everyday course) the ability to re-partition their USB devices on a whim?  I think that's the only distinction I would make...

I guess, for me, it is not a matter of what one needs, but more what one should have the right to do with one's own device.

It matters little to the user if they only wish to use the facility once a month or once a year ....  if it is their device it would be my contention that they should have the right to administer it. For instance, back to where I started, a user should have, again IMO, the right to create their own LiveUSB flash stick without having to be granted root privileges to do so. It is their device after all ........

At present, in PCLOS KDE, I can give users that right .... 

I *think* that some of it is set up by default (floppy group) and part of it is combined into the group which has the right to do everything with internal storage (disk group) -- in my view a root privilege.
So even if I wanted to grant a guest user on my PC the right to administer their own devices, I cannot without sacrificing the security of the internal storage.
As you say, that is likely some UDEV rule or other ......  which to my way of thinking, seems to be misconfigured.

regards.
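
The group layout described in the post above (a floppy group for some devices, a disk group that also covers internal storage) can be checked with a short audit. This is an added example, not part of the thread: the gid numbers and device rows are constructed, and `is_removable`, `audit` and `scan` are names invented here.

```python
import os
import stat

DISK, FLOPPY = 6, 19  # constructed gids standing in for the disk and floppy groups

# Constructed sample rows: (node, removable?, mode, gid of the /dev node)
SAMPLE = [
    ("sda", False, 0o660, DISK),    # internal hard disk
    ("sdb", True,  0o660, DISK),    # USB stick, same group as the internal disk
    ("fd0", True,  0o660, FLOPPY),  # floppy drive
]

def is_removable(sys_block, name):
    """True when <sys_block>/<name>/removable contains 1."""
    try:
        with open(os.path.join(sys_block, name, "removable")) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False

def audit(rows, user_gids):
    """Split the nodes a user can write through group permission alone."""
    report = {"removable": [], "fixed": []}
    for name, removable, mode, gid in rows:
        if mode & stat.S_IWGRP and gid in user_gids:
            report["removable" if removable else "fixed"].append(name)
    return report

def scan(sys_block="/sys/block", dev="/dev"):
    """Build the same rows from a live system."""
    rows = []
    for name in sorted(os.listdir(sys_block)):
        try:
            st = os.stat(os.path.join(dev, name))
        except OSError:
            continue  # no device node for this sysfs entry
        rows.append((name, is_removable(sys_block, name), st.st_mode, st.st_gid))
    return rows

if __name__ == "__main__":
    print("floppy only:", audit(SAMPLE, {FLOPPY}))
    print("floppy+disk:", audit(SAMPLE, {FLOPPY, DISK}))
    if os.path.isdir("/sys/block"):
        print("this user:  ", audit(scan(), set(os.getgroups()) | {os.getegid()}))
```

Any name in the `fixed` list is internal storage the user can write to raw, which is the leak the post describes when the USB stick and the internal disk share one group.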

Offline Bald Brick

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 6380
  • I'm going South
Re: Group Privileges
« Reply #63 on: August 03, 2010, 01:49:44 PM »
JohnBoy and pags,

When JohnBoy writes:
Quote
Why should a user not be allowed to create, delete, make filesystem, label, check filesystem and so on, on devices which they have responsibility for?
that is a very good question. But the important question isn't what users should or should not be allowed to do.

I've got a better one:

Who decides? And where is it decided whether a user is allowed to create, delete, make filesystem, label, check filesystem and so on, on devices which they have responsibility for?

My point being that it's easy to change a user's group membership so that he or she can do all those things. And if you don't want to do that it isn't hard to change the group of a device instead -- once the device exists.

The real problem is: how do you change the default group for newly attached devices? I've been reading up on UDEV for the last three hours, and I still haven't got a clue. After a couple of weeks I'll probably have an answer, but those weeks shouldn't be necessary. This isn't that hard a question: it shouldn't take more than minutes to find a solution.

This is not how it used to be in Linux or how Linux should be.
« Last Edit: August 03, 2010, 02:04:36 PM by blackbird »
Feed the trolls!
They need it!

AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

uncleV

  • Guest
Re: Group Privileges
« Reply #64 on: August 03, 2010, 01:56:24 PM »
I tend to ask Linus Torvalds on this already. Really.

Do you mean, men? Is it proper?

Mhm?
 ;D ;D

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #65 on: August 03, 2010, 01:57:12 PM »
blackbird, I think I am very glad I said that I would await the results of your reading into this stuff   ;D ;D

If it takes two weeks, so be it!   :D :D

Online pags

  • Hero Member
  • *****
  • Posts: 2519
  • Keep it clean.
Re: Group Privileges
« Reply #66 on: August 03, 2010, 02:01:25 PM »
Quote
This is not how it used to be in Linux or how Linux should be.

"Amen, brother!"

 ;D ;D

Haven't even looked into the UDEV rules, yet, so you're way up on me!

...
Unfortunately, it is how Linux is, now  ???

So, we're struggling to work with what we have.  But, at least in Linux, the owner (administrator?) of a system can still choose how these things should be, even if it is now non-trivial to accomplish.

And I like it better than most of the alternatives available (or else, why am I using it?) ;)

Offline kjpetrie

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 3992
Re: Group Privileges
« Reply #67 on: August 04, 2010, 05:28:36 AM »
How does one know the owner of a piece of removable media? Just because they plugged it in doesn't mean they own it. Many file systems used on portable devices lack ownership information.

So I'm not sure this principle holds. After all, the device might belong to another member of the family and the decision to reformat or repartition it could be malicious. As the system can't determine who it belongs to, isn't it sensible to restrict the ability to access such functionality to root?
-----------
KJP
-----------------------------------------------------------
PClos64 RC1 on Intel D945GCLF2 motherboard (Atom 330), 2GB DDR2 RAM, Maxtor STM325031, HL-DT-ST DVDRAM GSA-H42N, Amilo LSL 3220T monitor. Also Acer 5810TG (with custom kernel) and Asus eeePC 2G surf

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #68 on: August 04, 2010, 05:48:10 AM »
Quote
How does one know the owner of a piece of removable media? Just because they plugged it in doesn't mean they own it. Many file systems used on portable devices lack ownership information.

I thought it obvious I was not referring to legal ownership .... 

If they plugged it in then they do own it .....  from the OS point of view!

Quote
So I'm not sure this principle holds. After all, the device might belong to another member of the family and the decision to reformat or repartition it could be malicious. As the system can't determine who it belongs to, isn't it sensible to restrict the ability to access such functionality to root?

No it is not sensible IMO .....  because then the root password would have to be given to those who wanted to be able to manage their devices.
If there are untrustworthy members in a family then I guess they have more problems than what we are discussing here.
In any case, as the functions would be tied to a group or groups, the facility to deal with devices could be withheld from some younger family members by the admin. Just do not enable them to be a member of the specific group!

There is no way to prevent anything malicious from being done when physical access is available ........  just use a livecd and do whatever you like  ....

EDIT: to ease 'tone' -- I hope   :)
« Last Edit: August 04, 2010, 06:47:43 AM by JohnBoy »

Online pags

  • Hero Member
  • *****
  • Posts: 2519
  • Keep it clean.
Re: Group Privileges
« Reply #69 on: August 04, 2010, 06:24:52 AM »
And at this point, I have to agree (although I feel I've been adversarial to you all along).  Ultimately, the fine details such as this should be decided by the system owner (/administrator).  In your (JohnBoy's) case, you've clearly stated what you consider reasonable permissions.  Now, we need to figure out how to implement them (again, here I am blabbing away, yet without an answer  :(...).
Hopefully, someone will stumble across this thread, and post a usable (and, hopefully, easily reproducible) option.  Failing that, it will wait until one of us already in the thread has a chance to learn and apply something (such as UDEV rules, etc)

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #70 on: August 04, 2010, 06:46:49 AM »
Just in case anyone might get the wrong impression .......  I find that when there is an opposite point of view that it helps to solidify the basis for one's opinion, or alternatively helps to illuminate why the other point of view is the better.

That is the reason, pags, why I seemed a bit insistent on your explaining your thought process about the permissions .......  so that if I was missing some reason I could consider it and maybe change my opinion.

I apologise if my 'tone' of writing was off-putting or upsetting, to any poster. It was not the intent, believe me.

On the matter of the set up as presented in the released ISOs, I would be hopeful that the devs might consider the points raised in this thread, and at least try to ensure that all releases have the same defaults ------  even if I believe they should be slightly different  :D

Consistently wrong (as per my opinion) is better than no consistency at all.

Thanks to all for the discussion on this.
It has greatly helped me try to understand how device access is controlled and may be adjusted.

regards.

uncleV

  • Guest
Re: Group Privileges
« Reply #71 on: August 04, 2010, 07:02:27 AM »
Quote
Thanks to all for the discussion on this.
It has greatly helped me try to understand how device access is controlled and may be adjusted.

regards.

Especially Me included there for sure :D ;D

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #72 on: August 04, 2010, 07:58:49 AM »
I am still waiting to hear what Linus told you about this!   :P   ;D

Would anyone care to decipher this document?  My head hurts!   >:(

file:///usr/share/doc/hal/spec/hal-spec.html#access-control

Online pags

  • Hero Member
  • *****
  • Posts: 2519
  • Keep it clean.
Re: Group Privileges
« Reply #73 on: August 04, 2010, 08:20:48 AM »
???

Where did you get this?

I have '/usr/share/doc', and after that, I've got nothing... :(

Offline Was_Just19

  • Hero Member
  • *****
  • Posts: 6852
  • MLU
Re: Group Privileges
« Reply #74 on: August 04, 2010, 08:42:43 AM »
Heck I don't know!

I guess it must be populated by me installing whatever man pages and such as are available in the repository ......  only explanation I can think of ....   :)