Public bug reported:
Its seems since gnome has utilized policykit + udisks fine grain control of
permissions and mounting options on devices have become grossly inadequate and
the conventional group permissions + hal/gconf mounting options are now being
completely ignored.
What I need is very simple: read-only access to any removable media, including
usb drives, floppy disks, and restriction to burning recordable cds/dvds. In
the past all that was needed for this for usb and flash drives was to change
hal rules and/or gconf mounting options -or- just remove the user from the
group (floppy, plugdev) so they can't access it altogether. As for CD/DVD
burning all you can do is remove the user from the cdrom group. Simple.
Now, because gnome seems to be no longer honoring any of this, I've had to
resort to either A) putting the entries in fstab or B) creating policy kit
rules. A) is out of the question because I can't be sure of how many potential
usb drives or floppy drives can be inserted into a machine so B) was my only
option requiring a password for the user to mount them. Not what I wanted but
fine.
Now enter a new problem: any user has the ability to burn CDs or DVDs. Neither
policykit nor udisks has any such restriction rule and as of right now
deselecting "Use CD-ROM Drives" in users-admin has no effect on access to the
device -or at least nautilus doesn't seem to care. If I pop in a recordable CD
or DVD it gives me the option to burn contents onto it with no problem, the
same goes for brasero used by itself. If I create udev rules to make the mode
0440 on the cd device or manually set it on the command line via chmod,
nautilus seems to put it right back so it can burn away. K3b on the other hand
seems to honor the group delegation.
Is gnome intentionally ignoring groups or is this a bug? If so then why
provide the users-admin interface for delegating permissions on them if
it has no effect?
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gnome (not installed)
ProcVersionSignature: Ubuntu 2.6.32-23.37-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-23-generic i686
Architecture: i386
Date: Fri Jul 2 10:44:32 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: meta-gnome2
** Affects: meta-gnome2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 lucid
--
gnome doesn't care about group permissions (device access)
https://bugs.launchpad.net/bugs/601111
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
