Removing some privileges for extra users by default

@IamElive pointed out in Suddenly cannot access my partitions a possible lack of security in the default settings of elive, in short:

users by default are in the disks group, this allows any user to simply wipe out the entire disk (using dd for example), this is not exactly a security problem because:

  • a user cannot be created without your (admin) permission
  • it is meant that you trust your users, but in any case:
  • you can manually remove the user from that group

the question is, do we need the users to be in group disks by default? (this means, we need to betatest if we can still mount USBs or partitions or similar things, in other words: does it remove usability / features?)

so a suggested improvement is to add the first user on the disks group but not the next ones :thinking:

maybe there's other settings to change by default too, like other groups mostly, everything else is managed from the sudo files which are already selectable in the user creation

mentions: @triantares


Maybe simply default to the first user being "admin" and not allow for another through a GUI.
If an admin isn't knowledgeable enough to create another "admin" member with the CLI ..... well maybe he/she just shouldn't be one.

As far as I know, to use USB and card readers, the user needs to be in the group plugdev (and fuse on older systems). The group disk is for more block-device operations. In the worst case there are no SMART messages or temperature readings without root.

See Also: SystemGroups - Debian Wiki

disk : Raw access to disks. Mostly equivalent to root access.
[...]
Security implications
The group disk can be very dangerous, since hard drives in /dev/sd* and /dev/hd* can be read and written bypassing any file system and any partition, allowing a normal user to disclose, alter and destroy both the partitions and the data of such drives without root privileges. Users should never belong to this group.
To manage removable drives without root privileges, you have to use the groups cdrom for optical drives. Optical drives can usually be mounted in according to the rules in /etc/fstab, but for other removable drives the group plugdev may be more practical. Starting with Debian 8 (Jessie) you need root privileges to format USB and flash memories, because their devices in /dev/ do not belong to the group floppy anymore.
[...]

Hum!

in fact I think that users are not by default added to the group "disk", not even the first one maybe :thinking:

sudo grep disk /etc/group

that is a good thing :slight_smile: , I assume it just asks for the admin password when it wants to do something that requires it (like formatting for example?)
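The grep above answers the question for one live system. As an added example (not part of this thread or of Elive's own tooling), the following POSIX shell script turns that check into a small audit: it parses /etc/group, lists the members of any group, and flags anyone in the disk group, which the Debian wiki quote above describes as near-root. The sample group file embedded in it is constructed for demonstration; run the functions without the second argument to audit the real /etc/group.

```shell
#!/bin/sh
# Constructed sample of an /etc/group file (not taken from any real system).
SAMPLE_GROUP='root:x:0:
disk:x:6:alice
floppy:x:25:
cdrom:x:24:alice,bob
plugdev:x:46:alice,bob
sudo:x:27:alice'

# members_of GROUP [GROUPFILE_CONTENT]
# Prints the comma-separated member list of GROUP (4th field of /etc/group).
# Reads the live /etc/group when no content is passed in.
members_of() {
  group="$1"
  if [ $# -ge 2 ]; then
    content="$2"
  else
    content="$(cat /etc/group)"
  fi
  printf '%s\n' "$content" | awk -F: -v g="$group" '$1 == g { print $4 }'
}

# audit_disk_group [GROUPFILE_CONTENT]
# Returns 0 when nobody is in "disk", 1 otherwise (naming the members),
# because disk grants raw read/write access to /dev/sd* and bypasses the
# filesystem and partition layer entirely.
audit_disk_group() {
  members="$(members_of disk "$@")"
  if [ -z "$members" ]; then
    echo "OK: no users in group disk"
    return 0
  fi
  echo "WARNING: users in group disk (raw block-device access): $members"
  # Remediation on Debian-based systems:  sudo gpasswd -d <user> disk
  return 1
}

# Usage on a live system (no argument = read /etc/group):
#   audit_disk_group
#   members_of plugdev
```

Removable media access is what plugdev is for, so a user who is in plugdev and cdrom but not in disk keeps the usability the first post worries about while losing the ability to overwrite a whole drive.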


I totally agree. In my opinion the group is very harmful in the wrong hands, f.ex. if the user doesn't know his power.