Bug#897916: group plugdev is deprecated

Michael Biebl biebl at debian.org
Fri May 4 18:48:40 BST 2018 

Package: base-passwd
Version: 3.5.45
Severity: normal

base-passwd contains this about group plugdev:

plugdev

    Members of this group can access removable devices in limited ways without
    explicit configuration in /etc/fstab. This is useful for local users who
    expect to be able to insert and use CDs, USB drives, and so on.

    Since pmount (the original implementor of group plugdev) always mounts with
    the nodev and nosuid options and applies other checks, this group is not
    intended to be root-equivalent in the ways that the ability to mount
    filesystems might ordinarily allow. Implementors of semantics involving
    this group should be careful not to allow root-equivalence.

This is outdated information, I'd argue.
Desktops nowadays use udisks to mount removable media and udisks does
not use group plugdev anymore (it uses PolicyKit and the concept of
local users instead, as determined by logind).

I wonder if we shouldn't just drop group plugdev altogether and no
longer create it by default, although this is probably going to be
tricky. At the very least, we should mention that it is deprecated and
no longer actively used.
I mostly see group plugdev being used in a couple of udev rules files. I
wonder if we shouldn't advocate the usage of udev/loginds "uaccess".

CCed Martin, as original author of pmount.

Regards,
Michael

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages base-passwd depends on:
ii  libc6              2.27-3
ii  libdebconfclient0  0.243

Versions of packages base-passwd recommends:
ii  debconf [debconf-2.0]  1.5.66

base-passwd suggests no packages.

-- debconf information excluded

More information about the Pkg-systemd-maintainers mailing list