formatting/partitioning methods in HAL

David Zeuthen david at fubar.dk
Sun Jan 15 13:55:50 PST 2006


On Sun, 2006-01-15 at 15:07 +0100, Danny Kukawka wrote:
> I don't think so - for this you should need root-user rights. A user should 
> not be able to reformat (and delete data) a volume if he does not own _all_ files 
> and dirs on the volume (and IMO the same for a USB-disk). IMO any other 
> solution would never be acceptable.

Uhm, so if I, a user at a console, attach a USB hard-disk to a USB port and
it happens to run NTFS or ext3 I'm not allowed to format it? What if
it's a drive I got from a friend and now I want to scratch all data and
format it using vfat [1]?

Surely we want to allow something like this.

We also want to make sure that the user isn't (accidentally or with
malicious intent) able to reformat / or /usr or /corporate_data or
something.

Finally, we want to make life easy for schools deploying systems where
the users are largely untrusted. You know.. I think maybe we need a FAQ
on locking down HAL.

Hmm.. I think this largely comes down to what choices distributors want
to make.. and, uhm, this _is_ pretty interesting. I think, not having
given it super much thought, that one sane way is to allow all
hotpluggable and removable drives (notice the fine distinction between
these two) to be partitioned and formatted (again, need to make a
distinction here) for the console user. But I don't really pretend to
have the answer at all. It's difficult.

So.. being practical and all... Why don't we just go ahead and implement
this but do it in a way such that only uid 0 may invoke these methods for
the time being? Who knows, down the road we distributors will figure
this out and... the bespoke gfloppy program should be able to cope with
having to ask for auth anyway [2].

Cheers,
David

[1] : let me rant a bit... sadly, the only sane option we have today for
disks that users move around is VFAT. It looks to me like MS is doing
*something* right with NTFS since I and others appear to be able to move
it around between multiple computers.. 

I haven't done much checking though, only have a single MS system, but
more often than not I just wish Linux had a file system like that, one that
did a bit more than just uid/gid. It's 2006 for crying out loud.

(oh, if there is such a file system please let me know and I'll
apologize for my rant :-)

[2] : via e.g. consolehelper on Fedora, sudo on Ubuntu or whatever
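
The two policies sketched in the mail above, written out as an added example that is not HAL's code nor David's proposal verbatim: a fail-closed authorization check for a hypothetical Volume.Format method. The conservative default is "only uid 0 may invoke the method"; a distributor knob relaxes that to "the console user may format hotpluggable or removable drives, but never a volume backing /, /usr or /corporate_data". The Volume, Caller and Policy records, the knob name, PROTECTED_MOUNTPOINTS and the sample devices are all constructed for illustration; the hotpluggable/removable flags follow the meaning of HAL's storage.hotpluggable and storage.removable properties (hot-plug bus versus ejectable media), which is the distinction the mail points at.

```python
# Added example (not HAL's code): fail-closed authorization for a hypothetical
# Volume.Format method, modelling the two policies discussed in the mail.
# Volume/Caller/Policy, the knob name and PROTECTED_MOUNTPOINTS are constructed
# for illustration; the two flags mirror HAL's storage.hotpluggable (bus allows
# attaching at runtime, e.g. USB) and storage.removable (ejectable media).
from dataclasses import dataclass
from typing import Optional, Tuple

# Mount points the mail names as things a user must never be able to reformat.
PROTECTED_MOUNTPOINTS = ("/", "/usr", "/corporate_data")


@dataclass(frozen=True)
class Volume:
    device: str
    hotpluggable: bool          # bus allows attaching at runtime (USB, FireWire)
    removable: bool             # drive takes removable media (floppy, CD, card reader)
    mountpoint: Optional[str] = None


@dataclass(frozen=True)
class Caller:
    uid: int
    at_console: bool            # the distribution's notion of the active console user


@dataclass(frozen=True)
class Policy:
    # Distributor knob. False is the conservative default from the mail:
    # only uid 0 may invoke the format/partition methods.
    console_user_may_format_removable: bool = False


def backs_protected_mountpoint(mountpoint: str) -> bool:
    """True if the volume mounted at `mountpoint` contains a protected path.

    A volume mounted at "/" holds /usr unless /usr is its own mount, so the test
    is "protected path at or below the mount point", not plain string equality.
    """
    prefix = mountpoint.rstrip("/") + "/"
    return any(p == mountpoint or p.startswith(prefix) for p in PROTECTED_MOUNTPOINTS)


def may_format(caller: Caller, volume: Volume, policy: Policy) -> Tuple[bool, str]:
    """Return (allowed, reason). Every path that is not explicitly allowed denies."""
    if caller.uid == 0:
        return True, "uid 0 may always format"
    if not policy.console_user_may_format_removable:
        return False, "default policy: only uid 0 may format"
    if not caller.at_console:
        return False, "caller is not the console user"
    if volume.mountpoint is not None and backs_protected_mountpoint(volume.mountpoint):
        return False, "volume backs protected mount point %s" % volume.mountpoint
    if not (volume.hotpluggable or volume.removable):
        return False, "fixed internal drive: neither hotpluggable nor removable"
    return True, "console user may format hotpluggable/removable drive"


def demo() -> dict:
    """Constructed scenarios from the mail; returns {scenario: allowed}."""
    friends_usb = Volume("/dev/sdb", hotpluggable=True, removable=False)
    usb_at_corp = Volume("/dev/sdc", hotpluggable=True, removable=False,
                         mountpoint="/corporate_data")
    system_usr = Volume("/dev/sda2", hotpluggable=False, removable=False, mountpoint="/usr")
    floppy = Volume("/dev/fd0", hotpluggable=False, removable=True)

    console = Caller(uid=1000, at_console=True)
    remote = Caller(uid=1000, at_console=False)      # e.g. logged in over ssh
    root = Caller(uid=0, at_console=False)
    default, relaxed = Policy(), Policy(console_user_may_format_removable=True)

    cases = {
        "default: console user, friend's USB disk": (console, friends_usb, default),
        "default: root, friend's USB disk": (root, friends_usb, default),
        "relaxed: console user, friend's USB disk": (console, friends_usb, relaxed),
        "relaxed: console user, floppy": (console, floppy, relaxed),
        "relaxed: console user, USB disk at /corporate_data": (console, usb_at_corp, relaxed),
        "relaxed: console user, /usr": (console, system_usr, relaxed),
        "relaxed: ssh user, friend's USB disk": (remote, friends_usb, relaxed),
    }
    return {name: may_format(c, v, p)[0] for name, (c, v, p) in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print("%-55s %s" % (name, "allow" if allowed else "deny"))
```

The order of the checks matters for the reason string but not for the outcome: a USB disk that happens to be mounted at /corporate_data is denied because of what it holds, not because of what bus it sits on, which is the case the mail's "accidentally or with malicious intent" worry is about. Any extra distributor rule should be added as a further allow path after the denials, so that an unhandled device type still fails closed.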



