gnome-volume-manager
$ dpkg -s gnome-volume-manager | grep '^Version: '
Version: 1.1.3-2
$ strings /usr/bin/gnome-volume-manager | egrep 'pu?mount'
/usr/bin/pmount-hal %h
/usr/bin/pumount %d
Is there any real need to embed the full path name for pumount in the
gnome-volume-manager executable?
My reason for asking is that I have written a small super script with
links at /usr/local/bin/pmount and /usr/local/bin/pumount. It execs
the corresponding binary in /usr/bin with membership of the plugdev
group - provided the user is logged in at the console. This appears
to offer an elegant administration policy, as it conveniently avoids
the security concerns and administrative burden associated with placing
users into a device group at login.
When a user inserts a usb flash drive, for example, the script gets
invoked successfully because gnome-volume-manager does not directly run
/usr/bin/pmount. Instead, gnome-volume-manager delegates that job to
pmount-hal which seems to honour PATH when finding pmount. (The PATH
setting allows distro commands to be overriden in /usr/local/bin by
default.)
However, the user can not unmount the device (through a gnome desktop
icon) because gnome-volume-manager runs /usr/bin/pumount directly and
the user is not a member of plugdev in this policy scheme. (Savvy
users can pumount from a terminal to get round the problem, as they
will get /usr/local/bin/pumount).
Phillip Brown
Reply to: