This proposal adds a new dedicated diskadmin group, allowing users to manage external drives without needing to be in the wheel group.
It will also enable wheel users to unlock and mount external drives without a password prompt.
Owners, do not implement this work until the FESCo vote has explicitly ended. The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed. See the FESCo ticket policy and the Changes policy for more information.
REMINDER: This ticket is for FESCo members to vote on the proposal. Further discussion should happen in the devel list thread linked above.
This Change seems somewhat between either pointless or a bad idea. Creating more groups for the sake partitioning out permissions is a very 90s thing that we intentionally stopped doing because it made giving access really unwieldy. The outgrowth of moving away from that was PolicyKit. Granting disk management access also can have scary implications since you are giving people the ability to manipulate all storage.
Commentators in the discussion also point out that permissions for removable drives are already granted without extra work, and this would only add permissions for system drives, which can be dangerous.
As it is, I don't think this Change makes sense.
-1
Metadata Update from @ngompa: - Issue tagged with: meeting
With all the bugs that are apparently present in "detect if this disk is external or not", I don't think giving all users privileges to modify "external" disks (that may or may not actually be external) is a good idea. And mounting drives that are detected as "external" is already allowed without requiring elevated privileges (though not sure if the same faulty "external or not" logic applies here too). Still, -1
Hey, I am also surprised that this change got submitted so early.
The discussion on the forum showed, that it may be solved by a different solution of fixing the detection of removable drives.
This should then allow proper unprivileged usage.
There may still be value in this proposed change. It allows these certain actions if a user gets added to the correct group. A simple fix if users need this capability.
I imagine having multiple drives in a PC. As I am not a PC user I wouldnt test this though, so I personally dont need it.
Calling it harmful is not true I would say though. It does not change anything, users need to be manually added to that group to have the capabilities.
This was discussed in the meeting, rejected (+0, 0, -7) and announced in the minutes
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/72M3MGF6YXXRPFT6ZEUQ5LSSQG6QQKD2/
Metadata Update from @salimma: - Issue close_status updated to: Rejected - Issue status updated to: Closed (was: Open)
Metadata Update from @salimma: - Issue untagged with: meeting
Log in to comment on this ticket.