2 users simultaneous access to udisks2 mounted drive
Ivan Lezhnjov Jr.
ivan.lezhnjov.jr at gmail.com
Wed Feb 13 12:07:11 PST 2013
Whatever it is, why does it think I need or want to limit access to the mounted device to just one specific user? Especially when you look around and realize that standard behavior has been to make the mount accessible by anyone and govern access to its contents by ownership and permissions information set on files and directories.
From mount to NFS, software doesn't enforce a security policy on me unless I ask directly. Even if udisks was designed to do this with good intentions in mind, didn't anyone think it would be a good idea to let users control this aspect of the program's behavior?
We're talking enforced security policy here without an option to opt out. Not good. Not good at all.
It takes control away from a user.
I'd be fine with something like that coming from Apple or Microsoft, they're notorious for doing such things and they're evil. But in the Free Software world? Not acceptable.
Ivan
On Feb 13, 2013, at 8:16 PM, Kevin Chadwick <ma1l1ists at yahoo.co.uk> wrote:
>> What does this strict ACL attempt to solve anyway? I'm not against it because I don't like ACL or whatever, but the problem here is that I cannot change easily enough this configuration.
>> Traditionally, Linux/UNIX users/admins are accustomed to managing permissions with… permissions!
>
> Don't you get it this is part of a 'modern desktop' along with IPC
> everywhere (like Windows) despite all of its flaws especially
> in security compared to file-based simpler and more direct systems like
> sudo and no sudo and polkit don't accomplish different things just one
> enables lots by default and the other thinks that is a bad idea.
>
> For me, polkit is certainly justification enough for sudo to reverse
> that mantra and I thought that before reading this.
>
> http://drfav.wordpress.com/2012/05/11/the-quest-towards-trusted-client-applications-a-rambling/
>
>
> Here's a mail I've given to a few people who have found udisks
> problematic. SpaceFM is being added to Debian as we speak so you may
> wish to look at that too or udevil from the same author.
> _____________________________________________________________________________________
>
>> As I said in another post, I don't really need auto-mounting for my daily use, but if you don't mind sharing how you do it, I'd like to know.
>
> Quite crude (in a hurry) but works for many desktops and can be
> easily adapted for cross platform, it will need a little
> work for multiuser or systems with multiple permanent
> drives and certainly for any project, but you get the idea.
>
> If you look up the spacefm devs blog you'll find some daemons for
> various things too.
>
>
> /bin/cat /etc/udev/rules.d/*
> ACTION=="add", KERNEL=="sd[b-z]", RUN+="/bin/su _fixmount -c '/bin/sh /usr/local/mybin/fixmount.sh'", OPTIONS=="last_rule"
> ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/su _fixmount -c '/bin/sh /usr/local/mybin/fixmount.sh'", OPTIONS=="last_rule"
> ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/su _fixmount -c '/bin/sh /usr/local/mybin/fixunmount.sh'", OPTIONS=="last_rule"
> ACTION=="remove", KERNEL=="sd[b-z]", RUN+="/bin/su _fixmount -c '/bin/sh /usr/local/mybin/fixunmount.sh'", OPTIONS=="last_rule"
>
>
> /bin/cat /usr/local/mybin/fixmount.sh
> #!/bin/sh
> # Numeric uid of user bob; used as resuid= for the ext2/3/4 mounts below.
> OESYS=$(/usr/bin/grep '^bob:' /etc/passwd | /usr/bin/cut -d ":" -f "3")
> # Order sequentially, gives device type matchable to order of plugged in
> # on one nautilus interface without really long or dumb filesystem labels
> # causing problems
> DEV="0"
> # Advance to the first /media/usbN that is not already mounted.
> until ! /bin/mount | /usr/bin/grep -q "/media/usb$DEV"
> do
>     DEV=$((DEV + 1))    # POSIX arithmetic instead of the bash-only "let"
> done
> # Default options; nodev,nosuid,noexec are kept for every filesystem type.
> FS_OPTIONS="rw,nodev,nosuid,noexec"
> # DEVNAME is provided by udev in the environment of the RUN program.
> FILESYS=$(/usr/bin/sudo /sbin/blkid -c /dev/null -o export "${DEVNAME}" \
>     | /usr/bin/egrep '^TYPE' | /usr/bin/cut -d "=" -f 2)
> case "$FILESYS" in
>     fat)  FS_OPTIONS="rw,nodev,nosuid,noexec,flush,uid=oesys,umask=027" ;;
>     vfat) FS_OPTIONS="rw,nodev,nosuid,noexec,flush,uid=oesys,umask=027" ;;
>     ntfs) FS_OPTIONS="rw,nodev,nosuid,noexec,uid=oesys,umask=027,windows_names,streams_interface=none" ;;
>     ext2) FS_OPTIONS="rw,nodev,nosuid,noexec,resuid=$OESYS" ;;
>     ext3) FS_OPTIONS="rw,nodev,nosuid,noexec,resuid=$OESYS,barrier=1,commit=2" ;;
>     ext4) FS_OPTIONS="rw,nodev,nosuid,noexec,resuid=$OESYS,commit=2,journal_checksum" ;;
> esac
> /usr/bin/sudo /bin/mount -n -o "$FS_OPTIONS" "${DEVNAME}" /media/usb"$DEV"
> --
> _______________________________________________________________________
>
> 'Write programs that do one thing and do it well. Write programs to work
> together. Write programs to handle text streams, because that is a
> universal interface'
>
> (Doug McIlroy)
> _______________________________________________________________________