[GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?
Chris Tyler
chris at tylers.info
Mon Feb 17 19:23:21 EST 2020
Wouldn't it be better to use SGID to enable access to disk devices only for
the duration of that program's execution? This would mean that you wouldn't
change the user or system configuration, the same level of risk would be
present when the program was running (the program needs to verify that it's
only writing to SD cards!), and there would be no additional risk when the
program was not running.
-Chris
On Mon, Feb 17, 2020 at 4:28 PM Stewart C. Russell via talk <talk at gtalug.org>
wrote:
> So I'm working with a developer making a simple cross-platform graphical
> program to write Raspberry Pi OS images to SD card. This is meant for
> beginners to use. The developer is adamant that their program doesn't
> need to run under 'sudo' but that every user should be added to the disk
> group instead.
>
> This means that every user can write directly to system disk devices at
> any time. The Debian-based systems I use don't add regular users to
> "disk". Is it reasonable/common for regular users to be set up this way?
>
> cheers
>
> Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
>
>
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20200217/b3803723/attachment.html>
More information about the talk
mailing list