[GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?
John Sellens
jsellens at syonex.com
Mon Feb 17 16:42:12 EST 2020
The developer seems to be insisting on an answer, rather than
a need. The need is to allow easy writing when appropriate.
Consider a wrapper script that uses sudo to call the actual command.
And then set sudoers(5) to allow appropriate people to run the command
as root without a password.
That means that it's easy for the user, and access to the disk
devices is only provided through the (presumably) tested and
well-functioning command.
Remember: you can solve any problem in computer science with
another level of indirection.
I suspect that there's a way via udev or dbus to accomplish the
appropriate thing. But I'm not smart enough for that.
Hope that helps!
John
On Mon, 2020/02/17 04:28:52PM -0500, Stewart C. Russell via talk <talk at gtalug.org> wrote:
| So I'm working with a developer making a simple cross-platform graphical
| program to write Raspberry Pi OS images to SD card. This is meant for
| beginners to use. The developer is adamant that their program doesn't need
| to run under 'sudo' but that every user should be added to the disk group
| instead.
|
| This means that every user can write directly to system disk devices at any
| time. The Debian-based systems I use don't add regular users to "disk". Is
| it reasonable/common for regular users to be set up this way?
|
| cheers
|
| Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
|
|
|
| ---
| Post to this mailing list talk at gtalug.org
| Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
More information about the talk
mailing list