[RFE] Gnome/KDE --> Checkfs/Format......
Johann B. Gudmundsson
johannbg at hi.is
Tue Mar 4 21:56:34 UTC 2008
Andrew Farris wrote:
> Johann B. Gudmundsson wrote:
>> Andrew Farris wrote:
>>> � wrote:
>>>> Is there really any need for the user to have root access to the
>>>> computer he's or
>>>> to contact his system administrator ( in case he has one to begin
>>>> with )
>>>> to format the floppy he wants to save his OO document on ????
>>>> And when the user has not put his floppy disk properly in the
>>>> floppy drive
>>>> is faced with "Unable to mount media <clicks> detail -->
>>>> and gets mount: /dev/fd0 is not a valid block device
>>>> Instead of userfriendly msg like the cd/dvd rom outputs "There's
>>>> probably no media in drive"
>>>> which by the way is true in this case...
>>>
>>> Mounting and creating filesystems is something that PolicyKit should
>>> allow to be configured, see
>>> System->Preferences->System->Authorizations. This is really a
>>> matter of default polkit policy being written to make it happen
>>> (and/or to prevent it). I think in some cases it would be valuable
>>> to prevent a user from formatting any disks (think internet kiosk or
>>> security sensitive data on a workstation).
>>>
>> We are talking about external HD,USB keys Floppy's..
>> the same policy should apply to them as CD's ( burning cd or bootable
>> cd's )
>> We are not letting users format internal HD without the necessary
>> privileges.
>
> I was talking about external devices. Its your opinion they should be
> fully open to format, its my opinion they should be permitted to be
> formatted by default policy but be restrictable...
>
I'm not arguing against that it along with other things cant be
restricted..
Regarding "external devices" one must wonder how the security is
around the "external device" in the
first place if the user gets its hands on it... And since he got he's
hands on it in first place there's
nothing to prevent him take it home or to his secret lair and do
whatever he wants to it...
>> Regarding internet kiosks workstations etc... then it's just common
>> sense
>> to those who administer/manage to disable boot from CD's USB Floppy,
>> Password
>> protect Grub and disable certain keyboard short cuts etc..
>
> The issue is not only booting, but the ability to lockdown the system
> and its behavior to only what is desired (be it browsing a library
> reference database or ordering coffee).
>
And this involves formating external storage device how???
> I (the user) see it, policykit is an excellent route to take with
> setup for what you want. The default desktop install could allow any
> user logged in to format external disks without root access if there
> is policy there to escalate their privileges for that task alone.
>
That was what you were trying to say policykit is an excellent way to
handle who can format and which devices are allowed to be formatted..
Best regards
Johann B.
More information about the fedora-devel-list
mailing list