Wouldn't it be better to use SGID to enable access to disk devices only for the duration of that program's execution? This would mean that you wouldn't change the user or system configuration, the same level of risk would be present when the program was running (the program needs to verify that it's only writing to SD cards!), and there would be no additional risk when the program was not running.

-Chris


On Mon, Feb 17, 2020 at 4:28 PM Stewart C. Russell via talk <talk@gtalug.org> wrote:
So I'm working with a developer making a simple cross-platform graphical
program to write Raspberry Pi OS images to SD card. This is meant for
beginners to use. The developer is adamant that their program doesn't
need to run under 'sudo' but that every user should be added to the disk
group instead.

This means that every user can write directly to system disk devices at
any time. The Debian-based systems I use don't add regular users to
"disk". Is it reasonable/common for regular users to be set up this way?

cheers

  Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
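
The SGID approach suggested in the reply above, as an added example that is not part of either message or of the program being discussed. It assumes Linux, a binary installed setgid to the `disk` group, and the sysfs `removable` flag as the "is this an SD card" policy (some card readers report this flag differently); the function names are hypothetical.

```c
/* Added example: an SGID-"disk" writer opens its target, then drops the group. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

/* Read a one-character sysfs attribute: returns 0 or 1, or -1 if absent/unreadable. */
static int sysfs_flag(const char *sysroot, dev_t dev, const char *attr)
{
    char path[256];
    snprintf(path, sizeof path, "%s/dev/block/%u:%u/%s",
             sysroot, major(dev), minor(dev), attr);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int c = fgetc(f);
    fclose(f);
    return c == '1' ? 1 : c == '0' ? 0 : -1;
}

/* Open devpath for writing only if it is a removable block device. Checks run
 * on the opened descriptor (fstat), so the path cannot be swapped between check
 * and use. O_EXCL makes the open fail if the device is in use (e.g. mounted).
 * Partitions have no "removable" attribute in sysfs, so they are refused too. */
int open_removable_disk(const char *sysroot, const char *devpath)
{
    int fd = open(devpath, O_WRONLY | O_EXCL | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) == 0 && S_ISBLK(st.st_mode)
        && sysfs_flag(sysroot, st.st_rdev, "removable") == 1)
        return fd;
    close(fd);
    return -1;
}

/* Permanently give up the SGID group: real, effective and saved gid all
 * become the invoking user's real gid. Returns 0 on success. */
int drop_group_privilege(void)
{
    gid_t rgid = getgid();
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    return getegid() == rgid ? 0 : -1;
}

int main(int argc, char **argv)
{
    int fd = argc == 2 ? open_removable_disk("/sys", argv[1]) : -1;
    if (drop_group_privilege() != 0) return 2; /* before any GUI or image parsing */
    if (fd < 0) { fprintf(stderr, "refusing target\n"); return 1; }
    /* ... write the image through fd, now running without the disk group ... */
    close(fd);
    return 0;
}
```

The device is opened first and the group dropped immediately afterwards, so the rest of the program holds one already-validated descriptor rather than write access to every disk.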


