Comments
glotz
wrote on the 30 Oct 08 at 13:49
So your little sister just formatted the puter? :DDD
Spank her. Spank her hard.
> If user B is normal: Restart computer, format ubuntu partition so windows has more space.
-1, Flamebait
Your idea merits a healthy discussion, but your way of presenting it is bound to stir up emotions which are not very conducive to that.
Now, for your idea: say I create user accounts for my study group [because we're running experiments on my machine that we need for a class report, and they should be able to get at the data that our script stores on my machine]. I let them eject my CDs and DVDs.
That's a great denial of service vector against me playing Diablo II, or burning discs, or listening to my music.
That particular study group is also my friends and I trust them*, but I'd prefer not having to.
* I know from experience that they only root my box when they have a good reason to, and don't do anything rkhunter can find :D
> This is a home OS, right?
Yes, but not only. It's also a secure networked multiuser OS, meaning that users shouldn't /have/ to trust each other.
Would a happy compromise be reached if, during the install, you're asked whether you are going to trust everybody who has an account on your machine, and then do the convenient (secure) thing if the answer is yes (no)? [and then of course have decent post-installation config tools that tell the user why what they're doing might be insecure, and what they need to know to evaluate that, but let the user just check "let everybody unmount" if that's what they want].
One man's convenience is another man's security nightmare.
vexorian
wrote on the 30 Oct 08 at 14:32
"Yes, but not only. It's also a secure networked multiuser OS"
Then it has to stop that, this has to stop with the corporate gibberish, ubuntu is just not as good as the corp linux distros out there just like those are so lame for home.
"One man's convenience is another man's security nightmare. "
Just notice, the other session is closed, so the other user is not using it anymore, and we are talking about ejecting a DVD? Give me a break. Perhaps you could make something up about preventing the guy from taking the disk out, ok, if I was an intruder and wanted to steal the disk, I would just use the 'emergency system' to take it out...
vexorian
wrote on the 30 Oct 08 at 14:35
"emergency system" for those who don't know is a small hole in all CD/DVD drives where you can insert a needle to force eject.
"Your idea merits a healthy discussion, but your way of presenting it is bound to stir up emotions which are not very conducive to that. "
Or maybe it is just my way to put ideas and I didn't really mean to hurt your emotions/feelings with that, nevertheless it is true, if you can't take a DVD out because a user not using the computer anymore was the one who mounted it, it doesn't really make you feel great about ubuntu, that was my point, of course, you may choose to freaking ignore the point.
The key point here regards removable media, which is transient and should be treated as such.
I can understand this behavior in a multi-session use case, in which multiple user sessions are active simultaneously. In this use case, the medium may be in use (and potentially could be actively reading/writing) so it is logical to keep the medium locked to that user session.
However, if the user session during which the removable medium was mounted is then closed, the mount should be released as well. Then, when another session is started, it should recognize and offer to mount the removable medium.
Why does someone need to be admin to use a CD or DVD anyway?
young
wrote on the 30 Oct 08 at 18:41
@chipbennett
great thinking
Faryshta
wrote on the 30 Oct 08 at 19:17
This is not a flamebait, if you felt offended it is because he hit somewhere you can't hide.
This is a must do idea.
Why would you format a PC just because a DVD got stuck? That's stupid!!! And if the session was "closed" wouldn't user "A" be logged out?
Fast switching doesn't close a session which is why user "B" can't eject the disc. Technically user "A" is still using it.
I agree. I think it should be properly configured by default inside PolicyKit (an option already exists for removable media, dunno if it works for DVD)
@MarcioVinicius
They don't; they simply need to be root to override another user's mount, much like bob would need to sudo rm -r ~/jane to delete her directory as he doesn't have the rights to.
The issue with ejecting somebody else's cd is the same.
should bob be allowed to eject somebody else's cd? ofc not if Jane has a file open on the dvd and it is replaced with a file that bob has provided, it opens Jane up to all kinds of attacks (known text, watermarking, etc).
The correct behavior for a security aware os is what is being done. It can be made more user friendly in two ways though
1) offer a prompt for Jane's password (that's what sudo can do) to eject Jane's cd
2) see if Jane is logged out and no programs are using the cd THEN eject the disc (this ofc leaves some room for attacks, but that can be countered by informing Jane the next time she logs in)
the other option is to do all mounting with cdrom, floppy or plugdev user & group privileges, thus allowing all other members of said group to unmount the disc.
One *brilliant* (as in slap-my-forehead-and-go-doh!-you-retard-brilliant) insight I just had is that the networked user stuff can be made a non-issue if we require the ejector to have a tty. The multiuser issue still remains.
[let's count the cases where you really-really need to eject someone else's CD, and you're not root, and you're not at the computer... otoh, "never" is a famous last word].
> Why does someone need to be admin to use a CD or DVD anyway?
You don't. But if *someone else than you* inserts a CD, *you* need to be admin to unmount it and take it out. See the "user" and "users" options to mount(8) for more info.
> However, if the user session during which the removable medium was mounted is then closed, the mount should be released as well.
I'm not convinced it's as clear-cut as that. I might have programs running inside a screen or dtach session that want to use the medium. Even if I don't have any processes running, I might want to use the medium in a cron or at job.
Now for the mud wrestling! I call dibs on being the pig, 'cause they have fun doing it ;)
Faryshta> This is not a flamebait
aikiwolfie> Why would you format a PC just because a DVD got stuck? That's stupid!!!
Point not taken.
> if you felt offended it is because he hit somewhere you can't hide.
I think it's a little impolite to call people "not normal" and "used to silly things". Nothing that warrants murder, mind you, but it's not a good way to make friends. Maybe I was a bit rude in the way I tried to make that point. To anyone who felt offended: I'm sorry, that was not my intention.
(also, if using too big words makes me sound like an ass: sorry for that too. I've taken half a chill pill, let's see if it worked).
OP> Just notice, the other session is closed, so the other user is not using it anymore.
You don't know that. I might want to burn DVDs from a command line running inside screen. It'd be a waste of money if my burning program made me a coaster just because something unimportant [to the burning process, that is] such as the GUI went away.
Or, in case there's something specific to burning that prevents random people from opening the drive, I want to listen to a CD with cordless headphones while someone else is using the box. Or rip it. Or... whatever.
> if you can't take a DVD out because a user not using the computer anymore was the one who mounted it, it doesn't really make you feel great about ubuntu.
And if someone can coaster my burns just because I log out, that doesn't really make _me_ feel great about ubuntu.
> this has to stop with the corporate gibberish
It's not corporate, and it's not gibberish. I've sshfs'ed files between my box and a friend's. I've let them log into mine via ssh. Did you read about me being rooted? I want to let other people use my boxes over the net, but I want to limit how they can use it. I don't have to be a public company to want that.
I agree with OP that there is a problem.
I agree with OP that it's a problem worth solving.
I agree with OP that Ubuntu Desktop should be optimized for single-user or in-the-home usage. Normal people. No unix beards. No intravenous coffee. Agree, 100%.
The OP seems [to me] to think that the solution is simple and that investigating whether the simple solution may be problematic is not worth spending time on. I disagree with that.
The OP seems [to me] to think that Ubuntu Desktop should be optimized for the above scenario without any consideration of the consequences to how well Ubuntu works in other scenarios. I disagree with that.
I think we should consider the implications as fully as we can, and base our conclusion on a discussion of the pros and cons of each of the solutions.
Leaving the user to choose can make both me and OP happy [I think], if the default is what the OP wants and I'm made aware what the default is. And I'll say that excepting the money lost to coaster burns, erring on the side of usability is _probably_ not going to be seriously harmful.
Another angle: suppose I can prevent non-root users from ejecting CDs I mount. Suppose I fill my university's workstations with mounted CDs. I've now denied access to the drives to everyone else. Probably not good. OTOH, root can probably see that a single user has mounted CDs everywhere; root can then be a BOFH about it :
FTR, I've just voted the idea up, because I think the problem is important to solve :)
aikiwolfie: I think what he means is that a person trying out Linux for the first time, sees that they can't remove the CD, gets annoyed, and decides that they don't need Linux. It seems stupid to give up on an OS just based on a small inconvenience like this, but it's these little things that make people decide that Linux isn't "user-friendly."
I agree, it's annoying. If the CD is actually in use by the other system, though (copying files, running a game, etc.), it should still keep another user from ejecting it. But if the CD isn't in use, anyone should be able to eject it.
+1
Loganrah
wrote on the 31 Oct 08 at 06:01
If the CD/DVD being in use is a problem we could simply have a prompt that says "This media is in use, ejecting it could blah blah blah. Do you want to continue?".
This is exactly the sort of thing that would stop a lot of people using linux and it's not particularly difficult to fix (there could be an option to use the current system for security conscious users, but that should not be the default)
andruk
(Idea reviewer)
wrote on the 31 Oct 08 at 06:01
We need to keep track of what is accessing the drive and prompt accordingly.
If somebody is using the drive, don't let anybody else use the drive until they release the drive. Root can, as always, release the drive.
This needs to be fixed.
+1
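
The "keep track of what is accessing the drive" check from the comment above, which also covers the earlier suggestion to eject only when "no programs are using the cd", as an added example (not part of the thread, and not how HAL or PolicyKit implement it). `drive_holders` finds processes holding a path via `/proc`; `eject_decision` is a hypothetical policy function, and all names and the `/media/cdrom0` path are assumptions.

```python
import os

def _real_uid(proc_dir):
    """Real UID from the 'Uid:' line of <proc_dir>/status."""
    with open(os.path.join(proc_dir, "status")) as fh:
        for line in fh:
            if line.startswith("Uid:"):
                return int(line.split()[1])
    raise OSError("no Uid line in " + proc_dir)

def drive_holders(path, proc_root="/proc"):
    """Map pid -> uid for each process whose cwd or an open fd is at or under path."""
    prefix = os.path.normpath(path) + os.sep
    found = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        links = [os.path.join(base, "cwd")]
        try:
            fd_dir = os.path.join(base, "fd")
            links += [os.path.join(fd_dir, fd) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or another user's and we are not root
            pass
        for link in links:
            try:
                if (os.readlink(link) + os.sep).startswith(prefix):
                    found[int(entry)] = _real_uid(base)
                    break
            except OSError:
                continue
    return found

def eject_decision(requester_uid, mounter_uid, holders, logged_in_uids):
    """Hypothetical policy: (verdict, reason) for an eject request."""
    if requester_uid == 0:
        return ("allow", "root can always release the drive")
    others = sorted(pid for pid, uid in holders.items() if uid != requester_uid)
    if others:
        return ("deny", "in use by pid(s) %s" % others)
    if requester_uid == mounter_uid:
        return ("allow", "requester mounted the medium")
    if mounter_uid in logged_in_uids:
        return ("deny", "mounting user still has a session")
    return ("allow", "idle medium, mounter logged out; notify them at next login")

if __name__ == "__main__":
    print(drive_holders("/media/cdrom0"))  # assumed mount point
```

Run it as root, since an unprivileged user cannot read other users' `/proc/<pid>/fd`. Call `drive_holders` for the device node (for example `/dev/sr0`) as well as the mount point, because a burning program opens the device rather than files under the mount point.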
Ubuntu desktop should really be optimized for the case when only one user at a time uses the computer. However, it needs to cater for multiple user accounts (but not using the computer simultaneously).
It would be even better if all removable media mounted during a desktop session was automatically unmounted and ejected when the session is closed (the user logs out).
+1
Cypher
wrote on the 31 Oct 08 at 12:14
+1 this should be implemented for all locally connected accounts.
For those complaining about the risk because you're giving access to your computer, then simply remove the right of those user accounts to interact with the CD/DVD drive. It's up to you to grant or remove the rights of remote access.
So... Granted by default for locally connected accounts, disabled for remotely connected accounts. If such a split cannot be done, then simply allow it and let the power users define the rights for their remote guests.
Many Desktop OS users will not understand why they can't just BOTH use the removable media.
Perhaps this is something to consider.
Note: you CAN change this though... On Hardy Go to:
System > Administration > Authorizations
In the List-View go to:
org > freedesktop > hal > storage > Eject Removable Media
Grant all the users permission that you want to have it
or...
If you want ALL users to have permission to do this, Click the 'Edit' Button under 'Implicit Authorizations' and select 'yes' for 'anyone'.
Granted... this is a pretty complex thing to change for a newbie user
"Many Desktop OS users will not understand why they can't just BOTH use the removable media."
I am one of them. ;)
mambazo
wrote on the 2 Nov 08 at 19:10
I think the proper solution is to allow locally logged-in users to umount each other's CDs (as long as it is not actively being used).
"I think the proper solution is to allow locally logged-in users to umount each other's CDs (as long as it is not actively being used)."
I see no reason to be different than this.
I see that many people here forgot that Ubuntu is meant to be Linux for human beings. "$ sudo eject" is not for human beings...
No offense intended, I am not a human being in that sense :) But my wife would never remember how to eject a CD that I leave mounted, and little things like that stop me from installing Ubuntu on my home desktop (I have it installed on my notebook).
I agree with everyone that said that Ubuntu must be optimized for home and single user environment. It does not mean that it should not fit the multi-user environment, but don't you all agree that would be easier if the default configuration were for humans (like my wife) and the non-humans (like me) should use their skills to reconfigure when needed?
An option to lock the drive only if you want to would be great, but let the default behavior be the simplest possible.
Just my 2 cents!
Avanesov
wrote on the 18 Nov 08 at 16:11
Agreed