From owner-freebsd-questions@FreeBSD.ORG  Fri Apr  8 15:00:30 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1E6EE1065692
	for <freebsd-questions@freebsd.org>;
	Fri,  8 Apr 2011 15:00:30 +0000 (UTC)
	(envelope-from freebsd-questions@m.gmane.org)
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
	by mx1.freebsd.org (Postfix) with ESMTP id A7CA88FC29
	for <freebsd-questions@freebsd.org>;
	Fri,  8 Apr 2011 15:00:28 +0000 (UTC)
Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <freebsd-questions@m.gmane.org>) id 1Q8DAh-0005Qz-Bl
	for freebsd-questions@freebsd.org; Fri, 08 Apr 2011 17:00:27 +0200
Received: from lara.cc.fer.hr ([161.53.72.113])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Fri, 08 Apr 2011 17:00:27 +0200
Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Fri, 08 Apr 2011 17:00:27 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-questions@freebsd.org
From: Ivan Voras <ivoras@freebsd.org>
Date: Fri, 08 Apr 2011 17:00:12 +0200
Lines: 22
Message-ID: <inn7tt$27k$1@dough.gmane.org>
References: <95E7502E-5C42-4F47-9C7E-7440FC946468@vindaloo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.2.12) Gecko/20101102 Thunderbird/3.1.6
In-Reply-To: <95E7502E-5C42-4F47-9C7E-7440FC946468@vindaloo.com>
X-Enigmail-Version: 1.1.2
Subject: Re: gmirror and normal users?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2011 15:00:31 -0000

On 08/04/2011 16:43, Christopher Hilton wrote:
> Should a normal user be able to successfully:
>
>       $ gmirror remove /dev/mirror/gm0 /dev/ad6
>
> Or is this something that's just unlocked because I haven't mounted the drive yet?
>
> $ uname -a
> FreeBSD deathstar.example.com 8.2-STABLE FreeBSD 8.2-STABLE #1: Wed Apr  6 13:09:37 EDT 2011     root@dagobah:/usr/obj/usr/src/sys/GENERIC  i386
> $ id
> uid=1001(chris) gid=1001(chris) groups=1001(chris),0(wheel),5(operator),1000(users)

It is because of the "operator" group. Normal users which are not in 
this groups would not be able to do it.

If a user can communicate with the device (i.e. has at least "reads" 
rights to it), he can send GEOM commands to it. The operator group has 
read permissions by default:

lara:~> ll /dev/mirror/
total 0
crw-r-----  1 root  operator    0, 150  8 Apr 16:55 bla