
On Mon, Feb 17, 2020 at 04:28:52PM -0500, Stewart C. Russell via talk wrote:
So I'm working with a developer making a simple cross-platform graphical program to write Raspberry Pi OS images to SD card. This is meant for beginners to use. The developer is adamant that their program doesn't need to run under 'sudo' but that every user should be added to the disk group instead.
This means that every user can write directly to system disk devices at any time. The Debian-based systems I use don't add regular users to "disk". Is it reasonable/common for regular users to be set up this way?
cheers
Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
Certainly Debian says: "The group disk can be very dangerous, since hard drives in /dev/sd* and /dev/hd* can be read and written bypassing any file system and any partition, allowing a normal user to disclose, alter and destroy both the partitions and the data of such drives without root privileges. Users should never belong to this group."

Safest option I can think of would be to create a new group for usb flash drives, and then create a new udev rule to make usb flash drives belong to that group instead of the disk group, and then add the user to that group.

On a typical linux system though, there is no safe way to write to raw usb drives. Anything that allows it means you are root.

In the past (like 4 or 5 years ago) Debian used to use the 'floppy' group for usb media, but they no longer do.

But if you don't want to mess with udev rules, using sudo seems the sanest method. Adding normal users to the disk group is obviously not the solution.

--
Len Sorensen
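
The dedicated-group approach suggested in the reply above, sketched as an added example that is not part of the original thread. The group name `flashwrite` and the rule file name are assumptions. Members can still overwrite any removable USB disk, including one the machine boots from, so this narrows the exposure of the `disk` group rather than removing it.

```shell
#!/bin/sh
# Added example: give a dedicated group write access to removable USB block
# devices only, instead of adding users to "disk".
# Assumptions (not from the thread): group name and rule file name.
GROUP_NAME="${GROUP_NAME:-flashwrite}"
# Numbered 99 so it runs after the distribution rules that set GROUP="disk"
# and after the storage rules that populate ID_BUS.
RULE_FILE="${RULE_FILE:-/etc/udev/rules.d/99-flashwrite.rules}"

# Print the udev rule for group $1. ATTRS{removable} is matched on the device
# or its parent, so partitions of a removable disk are covered as well.
render_rule() {
    printf '%s\n' \
        "# Removable USB storage: owned by group $1 instead of disk" \
        "ACTION==\"add|change\", SUBSYSTEM==\"block\", ENV{ID_BUS}==\"usb\", ATTRS{removable}==\"1\", GROUP=\"$1\", MODE=\"0660\""
}

# Return 0 if user $1 is a member of the "disk" group.
in_disk_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx disk
}

# Create the group, install the rule, reload udev, add user $1. Run as root.
install_rule() {
    user="$1"
    getent group "$GROUP_NAME" >/dev/null || groupadd --system "$GROUP_NAME"
    render_rule "$GROUP_NAME" > "$RULE_FILE"
    chmod 0644 "$RULE_FILE"
    udevadm control --reload
    udevadm trigger --subsystem-match=block --action=change
    usermod -aG "$GROUP_NAME" "$user"
    if in_disk_group "$user"; then
        echo "warning: $user is still in 'disk'; remove with: gpasswd -d $user disk" >&2
    fi
}

# Usage: sh flashwrite.sh install <username>
if [ "${1:-}" = "install" ] && [ -n "${2:-}" ]; then
    install_rule "$2"
fi
```

The new group membership takes effect at the user's next login; `ls -l /dev/sdX` on a freshly inserted stick should then show the device owned by `root:flashwrite`.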