formatting/partitioning methods in HAL
Artem Kachitchkine
Artem.Kachitchkin at Sun.COM
Sun Jan 15 08:32:06 PST 2006
>>>I don't think so - for this you should need root-user rights. A user
>>>should not be able to reformat (and delete data) a volume if he does not own
>>>_all_ files and dirs on the volume (and IMO the same for a USB-disk). IMO
>>>any other solution would never be acceptable.
>>
>>Why not? If the policy was made sufficiently secure by default, and
>>there was a HOWTO for users to follow to make things work for their
>>username, why not?

Security policies have their scope and context. I think we should allow
for various types of users and environments. The best way to look at the
problem, IMO, is via a concept of device ownership. Consider two examples:

1. We establish that the device just plugged in is exclusively owned by
the console user on a single-console system. In this case, allowing the
user to format the device he owns is a reasonable expectation.

2. We establish that the device just plugged in is shared among a group
of users. In this case, in order to format the device a higher privilege
might be required.

Of course, until the operating environment has a clear mechanism for
group device ownership, case 2 is very uncommon. For case 1, a
reasonable default policy would be to grant formatting privilege for
hotpluggable and removable media attributes; and allow sysadmins to
disable this if they wish.

-Artem.
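A toy decision function modelling the ownership-based policy sketched in the message above, added here as an illustration and not code from HAL or from the author; the `Device`/`Requester`/`Policy` names, the sysadmin switch as a single boolean, and the rule that either the removable or the hotpluggable attribute qualifies a device are assumptions.

```python
"""Hypothetical model of the device-ownership formatting policy.

Not HAL's real API or privilege names. Rules, in order:
  - a privileged requester (root/admin) may always format;
  - a group-shared device needs that higher privilege (case 2);
  - otherwise only the exclusive owner (console user) may format,
    only for removable/hotpluggable media, and only while the
    sysadmin has left the default enabled (case 1).
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Device:
    name: str
    removable: bool          # ejectable media attribute
    hotpluggable: bool       # bus attribute, e.g. a USB disk
    owner: Optional[str] = None                 # exclusive owner, or None
    shared_with: Set[str] = field(default_factory=set)  # group ownership


@dataclass
class Requester:
    user: str
    privileged: bool = False   # root or an equivalent admin role


@dataclass
class Policy:
    allow_console_format: bool = True   # sysadmin switch (assumed)


def may_format(dev: Device, who: Requester, policy: Policy) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request to format `dev`."""
    if who.privileged:
        return True, "privileged requester"
    if dev.shared_with:
        return False, "shared device: higher privilege required"
    if dev.owner != who.user:
        return False, "requester is not the exclusive owner"
    if not (dev.removable or dev.hotpluggable):  # assumption: either attribute
        return False, "fixed media: not covered by the default policy"
    if not policy.allow_console_format:
        return False, "console formatting disabled by sysadmin"
    return True, "exclusive owner of removable/hotpluggable device"
```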