Public bug reported: Its seems since gnome has utilized policykit + udisks fine grain control of permissions and mounting options on devices have become grossly inadequate and the conventional group permissions + hal/gconf mounting options are now being completely ignored. What I need is very simple: read-only access to any removable media, including usb drives, floppy disks, and restriction to burning recordable cds/dvds. In the past all that was needed for this for usb and flash drives was to change hal rules and/or gconf mounting options -or- just remove the user from the group (floppy, plugdev) so they can't access it altogether. As for CD/DVD burning all you can do is remove the user from the cdrom group. Simple. Now, because gnome seems to be no longer honoring any of this, I've had to resort to either A) putting the entries in fstab or B) creating policy kit rules. A) is out of the question because I can't be sure of how many potential usb drives or floppy drives can be inserted into a machine so B) was my only option requiring a password for the user to mount them. Not what I wanted but fine. Now enter a new problem: any user has the ability to burn CDs or DVDs. Neither policykit nor udisks has any such restriction rule and as of right now deselecting "Use CD-ROM Drives" in users-admin has no effect on access to the device -or at least nautilus doesn't seem to care. If I pop in a recordable CD or DVD it gives me the option to burn contents onto it with no problem, the same goes for brasero used by itself. If I create udev rules to make the mode 0440 on the cd device or manually set it on the command line via chmod, nautilus seems to put it right back so it can burn away. K3b on the other hand seems to honor the group delegation.
Is gnome intentionally ignoring groups or is this a bug? If so then why provide the users-admin interface for delegating permissions on them if it has no effect? ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: gnome (not installed) ProcVersionSignature: Ubuntu 2.6.32-23.37-generic 2.6.32.15+drm33.5 Uname: Linux 2.6.32-23-generic i686 Architecture: i386 Date: Fri Jul 2 10:44:32 2010 InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429) ProcEnviron: PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: meta-gnome2 ** Affects: meta-gnome2 (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 lucid -- gnome doesn't care about group permissions (device access) https://bugs.launchpad.net/bugs/601111 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs