Date: Thu, 30 Jan 2003 17:15:01 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Kirk McKusick <mckusick@beastie.mckusick.com> Cc: Jun Kuriyama <kuriyama@imgsrc.co.jp>, Current <freebsd-current@FreeBSD.org>, Robert Watson <rwatson@tislabs.com> Subject: Re: dump -L and privilege Message-ID: <20030130231501.GB75768@opus.celabo.org> In-Reply-To: <200301300217.h0U2HVFL015158@beastie.mckusick.com> References: <7miswoocye.wl@black.imgsrc.co.jp> <200301300217.h0U2HVFL015158@beastie.mckusick.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 29, 2003 at 06:17:31PM -0800, Kirk McKusick wrote: Alternative 1 `usermount' > The first would be > to change the default for vfs.usermount == 1 and then have dump -L > create the snapshot in a directory owned by "operator" (or by > whatever user runs the dumps). Then the snapshot could be created, > used, and deleted by that user. Alternative 2 `/sbin/snapshot' > The other alternative would be to > create a setuid-to-root program that would take a snapshot and > chown it to the user that does dumps. This setuid program could > then be invoked by dump -L to create a snapshot for it. Despite a distaste for setuid executables, I think I'd prefer a simple /sbin/snapshot setuid program. Primarily, enabling `vfs.usermount' gives more privileges to more users than I'm comfortable with. Secondarily, /sbin/snapshot may be useful on its own. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030130231501.GB75768>