Bug#689854: pmount needs some loving care

To: Vincent Fourmond <fourmond@debian.org>, "Barak A. Pearlmutter" <barak@pearlmutter.net>
Cc: 689854@bugs.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>, Axel Beckert <abe@debian.org>
Subject: Bug#689854: pmount needs some loving care
From: Simon McVittie <smcv@debian.org>
Date: Fri, 16 Oct 2015 11:30:08 +0100
Message-id: <[🔎] 5620D1B0.6010602@debian.org>
Reply-to: Simon McVittie <smcv@debian.org>, 689854@bugs.debian.org
In-reply-to: <[🔎] CAEnRq5N81V2h=jmd-nrD7mp5_02=2ZEznwiPBaAjdOWxSg7WRQ@mail.gmail.com>
References: <[🔎] 87a8rkwcuw.fsf@tarsk.hamilton.ie> <[🔎] CAEnRq5N81V2h=jmd-nrD7mp5_02=2ZEznwiPBaAjdOWxSg7WRQ@mail.gmail.com>

On 15/10/15 21:04, Vincent Fourmond wrote:
>   I'm OK to give input, and do few things from time to time...

It seems I'm still in the Cc list because I said something about the
adoption a while ago. To clarify, I do not intend to get involved in
this package's maintenance, and anything I say about it is only a
suggestion.

I do have one comment, which is that the package Description could
perhaps benefit from updating: it describes pmount's original
motivation, which was as a backend for GNOME and other GUI stuff.
However, GNOME and other "large" desktop environments have stopped using
it in favour of the more featureful (but correspondingly heavier-weight)
udisks2, leaving pmount as a potentially useful tool in its own right,
but no longer directly used by GNOME.

(No value-judgement intended here - pmount is simple and small; udisks2
is more complex and larger; and either could be more suitable than the
other, depending on your requirements.)

The major differences:

* udisks2 is a privileged D-Bus system service (daemon), controlled
  via D-Bus messages by an accompanying (unprivileged) CLI tool or by
  other unprivileged processes like the various GNOME GUIs that use it.
  pmount is a setuid CLI tool (a privilege boundary) with no daemon,
  which can be executed directly or by an unprivileged frontend;
  less complexity, but more need to cope with the security implications
  of being setuid.

* udisks2 has a broader scope, and also handles non-mount operations
  on disk devices, such as partitioning and SMART. pmount has a
  narrower scope, and only (un)mounts disks.

* udisks2 uses PolicyKit for access control, with a relatively subtle
  default policy designed to "do what I mean" (locally-logged-in users
  can mount removable disks on the same "seat" where they are currently
  logged-in), but configurable to have other policies (e.g.
  a group-based override) if that's what a sysadmin wants. pmount's
  policy is simpler, using group-ownership to allow any user in the
  plugdev group to mount removable disks, whether they are logged-in
  locally or remotely; this is simple and easy to understand if you
  know how Unix groups work, but can lead to unexpected results if the
  system is multi-seat or has remote access (users taking control of
  each other's USB drives).

Hopefully that's enough information for a Description that indicates to
a potential user whether pmount is suitable for their needs. In
particular, it seems worthwhile to mention "users in the plugdev group"
in the Description.

    S

Reply to:

References:
- Bug#689854: pmount needs some loving care
  - From: "Barak A. Pearlmutter" <barak@pearlmutter.net>
- Bug#689854: pmount needs some loving care
  - From: Vincent Fourmond <fourmond@debian.org>

Prev by Date: Bug#801811: marked as done (ITP: libcrypt-openssl-pkcs10-perl -- Perl extension to OpenSSL's PKCS10 API.)
Next by Date: Bug#801960: ITP: ruby-letter-opener -- Preview mail in the browser instead of sending.
Previous by thread: Bug#689854: pmount needs some loving care
Next by thread: Processed: limit package to wnpp, tagging 801811
Index(es):
- Date
- Thread