[RFE] Gnome/KDE --> Checkfs/Format......

Andrew Farris lordmorgul at gmail.com
Tue Mar 4 20:58:34 UTC 2008


Johann B. Gudmundsson wrote:
> Andrew Farris wrote:
>> � wrote:
>>> Is there really any need for the user to have root access to the 
>>> computer he's or
>>> to contact his system administrator ( in case he has one to begin with )
>>> to format the floppy he wants to save his OO document on ????
>>> And when the user has not put his floppy disk properly in the floppy 
>>> drive
>>> is faced with "Unable to mount media <clicks> detail  -->
>>> and gets mount: /dev/fd0 is not a valid block device
>>> Instead of userfriendly msg like the cd/dvd rom outputs "There's 
>>> probably no media in drive"
>>> which by the way is true in this case...
>>
>> Mounting and creating filesystems is something that PolicyKit should 
>> allow to be configured, see 
>> System->Preferences->System->Authorizations.  This is really a matter 
>> of default polkit policy being written to make it happen (and/or to 
>> prevent it).  I think in some cases it would be valuable to prevent a 
>> user from formatting any disks (think internet kiosk or security 
>> sensitive data on a workstation).
>>
> We are talking about external HD,USB keys Floppy's..
> the same policy should apply to them as CD's ( burning cd or bootable 
> cd's )
> We are not letting users format internal HD without the necessary 
> privileges.

I was talking about external devices.  Its your opinion they should be fully 
open to format, its my opinion they should be permitted to be formatted by 
default policy but be restrictable...

> Regarding internet kiosks workstations etc... then it's just common sense
> to those who administer/manage to disable boot from CD's USB Floppy, 
> Password
> protect Grub and disable certain keyboard short cuts etc..

The issue is not only booting, but the ability to lockdown the system and its 
behavior to only what is desired (be it browsing a library reference database or 
ordering coffee).

> Let the administrators do their job and lock down the system or make 
> adjustments to fit their "work  environment" things should be focused on 
> the desktop/home user...

... the policy needs written.  Things would work just fine for the desktop if 
there were magically a perfect set of policy rules that permitted it to.  Making 
it unlocked entirely is a shorterm outlook (much like auto configuring 
password-less sudo in other distros so things for the desktop user 'just work'). 
  As I (the user) see it, policykit is an excellent route to take with setup for 
what you want.  The default desktop install could allow any user logged in to 
format external disks without root access if there is policy there to escalate 
their privileges for that task alone.

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
  gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
----                                                                       ----




More information about the devel mailing list