On Tue, Nov 09, 2004 at 06:41:40PM +0100, Martin Pitt wrote: > We solved (4) by introducing a new group called 'plugdev'. Every user > who is a member of this group can access hotpluggable devices (digital > cameras, USB drives etc.). pmount can only be executed by members of > this group (it is root:plugdev 750), Hmm. What's to stop a user fetching their own version of the pmount binary? I assume that won't work since they won't have the appropriate device permissions. If so, then a+x mode is safe, and directed by Debian Policy (I think. If not, it's in the Developer's Reference as a good idea). If not, then there's a nasty security hole at that point. The rest of it sounds good. I'm not fussed about hal, since I don't use gnome-volume-manager, but pmount might work better for me than autofs4, which you can't manually unmount without becoming root. >_< -- ----------------------------------------------------------- Paul "TBBle" Hampson, MCSE 7th year CompSci/Asian Studies student, ANU The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361) Paul.Hampson@Anu.edu.au "No survivors? Then where do the stories come from I wonder?" -- Capt. Jack Sparrow, "Pirates of the Caribbean" This email is licensed to the recipient for non-commercial use, duplication and distribution. -----------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature