[GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?

Nicholas Krause xerofoify at gmail.com
Thu Feb 20 17:08:40 EST 2020



On 2/20/20 4:57 PM, Lennart Sorensen via talk wrote:
> On Thu, Feb 20, 2020 at 04:11:47PM -0500, Chris Tyler via talk wrote:
>> Stewart, I'm having troubles understanding the author's reply to the SGID
>> suggestion. What I was proposing was to set things up with a command like
>> this (executed just once):
>>
>>    BINARY=/path/to/binary ; sudo chown root:disk "$BINARY" ; sudo chmod 02711 "$BINARY"
>>
>> ...Which would mean that the user would have their effective group ID
>> changed to 'disk' only while the binary was running. This means that,
>> during program execution, it would have the same level of access as if
>> the user belonged to the 'disk' group; however, this would drop back to
>> their previous group membership when the binary exited. As a bonus, you
>> don't have to change the system group memberships. (The program in question
>> should, of course, guard against writing to the wrong device while it's
>> running, and prevent shell-outs).
> It also means any user running the program has that access, not just
> users in group disk.  That may be considered better or worse.
>
> I suppose the program could check that the user belongs to some other
> group meant for this program, but then it gets even more complicated.
>
Why not open as a normal user and then exec or switch into another user
as need be? The real question is how much access does the program require
to the disk? Depending on that, it's pretty easy to figure out whether
SGID setting, exec and switch users, or run with sudo is the best option.

Nick

