| Summary: | org.freedesktop.udisks.filesystem-mount-system-internal shouldn't be allowed for wheel | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Andy Lutomirski <luto> |
| Component: | udisks | Assignee: | David Zeuthen <davidz> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | davidz, dwysocha, extras-orphan, mclasen, notting |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-22 18:02:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Andy Lutomirski
2011-06-22 14:19:27 UTC
I'm not sure I agree here - the point of the wheel group is that they're the administrative user; in that case, they should be able to mount whatever filesystems. Given how wheel is used in sudo, it's not as if it's a privilege escalation. In any case, moving to the proper component. sudo asks for a password (on a brand new F15 install): $ groups luto wheel $ sudo echo foo [sudo] password for luto: I don't see why mounting internal devices should be special and not need a password. Especially because it's easy to do by accident and it's a strange thing to do. It works this way because most people only have things like Windows or OS X on the system disk and we want people to access data on these volumes. So that's exactly why we allow users in the 'wheel' group to do this without authenticating (OTOH, users not in the 'wheel' group gets to authenticate by default). There are multiple ways to configure your system if you don't like this (and don't want to remove your user from the 'wheel' group): putting the relevant devices in /etc/fstab is one solution - configuring polkit is another. We are not changing the defaults just because of your setup. |