New users should not get added to the 'disk' and 'storage' groups

manjaro / manjaro-settings-manager

This repo has been archived. Our code is now hosted at

https://gitlab.manjaro.org/

GNU General Public License v3.0

18 stars 19 forks source link

New users should not get added to the 'disk' and 'storage' groups #114

Closed Bleuzen closed 6 years ago

Bleuzen commented 6 years ago

When I create a new standard user, the new user belongs to the groups: disk and storage (and others)

This is bad, because users of the disk group can edit partitions and users of the storage group can for example edit /etc/fstab using gnome-disks.

Isn't this a big security hole? Every new user can do this, without an ask for a password, so .. I would recommend not adding all new users to this 2 groups.

twifty commented 6 years ago

I have a very similar issue, possibly related. On a fresh install, with Gnome, the user created via the installer is able to edit fstab via the Gnome disks utility without being prompted for a password. Unlike the above, my user groups are unknown user username, there is no disk or storage.

Bleuzen commented 6 years ago

Hey @philmmanjaro or anyone .. Please take a look at it.