Bug#689854: pmount needs some loving care
On 15/10/15 21:04, Vincent Fourmond wrote:
> I'm OK to give input, and do few things from time to time...
It seems I'm still in the Cc list because I said something about the
adoption a while ago. To clarify, I do not intend to get involved in
this package's maintenance, and anything I say about it is only a
suggestion.
I do have one comment, which is that the package Description could
perhaps benefit from updating: it describes pmount's original
motivation, which was as a backend for GNOME and other GUI stuff.
However, GNOME and other "large" desktop environments have stopped using
it in favour of the more featureful (but correspondingly heavier-weight)
udisks2, leaving pmount as a potentially useful tool in its own right,
but no longer directly used by GNOME.
(No value-judgement intended here - pmount is simple and small; udisks2
is more complex and larger; and either could be more suitable than the
other, depending on your requirements.)
The major differences:
* udisks2 is a privileged D-Bus system service (daemon), controlled
via D-Bus messages by an accompanying (unprivileged) CLI tool or by
other unprivileged processes like the various GNOME GUIs that use it.
pmount is a setuid CLI tool (a privilege boundary) with no daemon,
which can be executed directly or by an unprivileged frontend;
less complexity, but more need to cope with the security implications
of being setuid.
* udisks2 has a broader scope, and also handles non-mount operations
on disk devices, such as partitioning and SMART. pmount has a
narrower scope, and only (un)mounts disks.
* udisks2 uses PolicyKit for access control, with a relatively subtle
default policy designed to "do what I mean" (locally-logged-in users
can mount removable disks on the same "seat" where they are currently
logged-in), but configurable to have other policies (e.g.
a group-based override) if that's what a sysadmin wants. pmount's
policy is simpler, using group-ownership to allow any user in the
plugdev group to mount removable disks, whether they are logged-in
locally or remotely; this is simple and easy to understand if you
know how Unix groups work, but can lead to unexpected results if the
system is multi-seat or has remote access (users taking control of
each other's USB drives).
Hopefully that's enough information for a Description that indicates to
a potential user whether pmount is suitable for their needs. In
particular, it seems worthwhile to mention "users in the plugdev group"
in the Description.
S
Reply to: