Comment 4 for bug 882862

Martin Pitt (pitti) wrote :

Originally we deliberately allowed that so that guest users can use a USB stick to do things like editing documents there or keeping their Firefox config. See the profile:

  /media/** rmwlixk, # we want access to USB sticks and the like

However, this should certainly be limited to the guest user's own devices. We already shield users from each other by mounting VFAT devices with dmask=0077, and ext4 devices have their own ACLs anyway.

That of course breaks down if you have custom /etc/fstab rules which allow anyone to write there. I think we can tighten this up with

  owner /media/** rmwlixk,

This would break desired access to e.g. ext4 external hard disks, but that might be a smaller use case.
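
Added example, not part of the comment above or of the Ubuntu profile: a small audit for the case the comment calls out, custom /etc/fstab entries under /media whose VFAT mask options do not amount to dmask=0077. The function names and the sample fstab are constructed for illustration; only VFAT-style entries are checked, since ext4 permissions live on the filesystem itself.

```python
SAFE_DMASK = 0o077  # the mask the comment says is used for VFAT devices


def parse_opts(field):
    """Split an fstab option field into a dict (bare flags map to None)."""
    opts = {}
    for item in field.split(","):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else None
    return opts


def effective_dmask(opts):
    """dmask takes precedence over umask for directories; None if neither is set."""
    for key in ("dmask", "umask"):
        if opts.get(key) is not None:
            return int(opts[key], 8)
    return None


def audit_fstab(text, prefix="/media/"):
    """Return [(mountpoint, reason)] for VFAT entries under prefix whose
    directory mask does not remove all group/other access."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        if not fields[1].startswith(prefix) or fields[2] not in ("vfat", "msdos"):
            continue
        mask = effective_dmask(parse_opts(fields[3]))
        if mask is None:
            findings.append((fields[1], "no dmask/umask set"))
        elif mask & SAFE_DMASK != SAFE_DMASK:
            findings.append((fields[1], "dmask=%04o leaves group/other access" % mask))
    return findings


# Constructed sample fstab, not taken from the bug report.
SAMPLE = """\
# device       mountpoint     type  options                       dump pass
/dev/sdb1      /media/shared  vfat  rw,users,umask=0000           0 0
/dev/sdc1      /media/alice   vfat  rw,uid=1000,dmask=0077        0 0
/dev/sdd1      /media/backup  ext4  defaults                      0 2
UUID=AAAA-BBBB /media/cam     vfat  rw,uid=1000,dmask=0022,fmask=0133 0 0
"""

if __name__ == "__main__":
    for mountpoint, reason in audit_fstab(SAMPLE):
        print(mountpoint, "->", reason)
```

Entries it reports are the ones where an unqualified `/media/** rmwlixk,` rule leaves the filesystem mask as no barrier between users.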