[GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?

[Stewart C. Russell]

Hey, thanks to all who responded. I'm sticking with merely "bad idea", 
as it would also give the user block-level access to everyone's secret 
files. I know sudo already does this, but one has to manually clunk into 
that mode. Though there are still plenty of Raspberry Pi users who 'sudo 
ls', for some reason.

On 2020-02-17 7:23 p.m., Chris Tyler wrote:
> Wouldn't it be better to use SGID to enable access to disk devices only 
> for the duration of that program's execution?

Author claims it's not possible. The program was written as a reaction 
to finding out that balenaEtcher (https://www.balena.io/etcher/) "phones 
home" with usage data. If true, this is unfortunate, because Etcher 
fixes all the fiddliness of using dd as root, it's truly cross platform, 
and avoids the Windows unzip bug. No-one's yet identified what exactly 
Etcher phones home yet, but that hasn't stopped the heat, light and fury 
of a Free Software Cause in the making …

The new program's quite usable for now (even if you have to run it sudo) 
and appears to be cross-platform too. It's also a lot smaller than 
Etcher, which is an Electron app.

Source repo is here: https://gitlab.com/bztsrc/usbimager